MOD 7 - Malware Threats Flashcards
Advanced Persistent Threat
Gains access to a network and remains undetected for a long period of time. The goal is to obtain sensitive information rather than to cause damage.
Trojan
Malicious software “wrapped with” or “bound to” other programs or files. Cannot replicate or propagate on its own, so it needs the victim to intentionally install it, unaware there is a malicious “freeloader” attached. Uses a “wrapper” or “binder” program to wrap the malware with some legitimate software. RAT = Remote Access Trojan. Botnet trojans take over the machine and allow it to be remote-controlled.
Virus
Malicious software that attaches to other programs and files, and spreads through human interaction (e-mail, USB drives, etc.). Requires a host application to replicate (on the same machine). Cannot propagate to other machines without human assistance.
Viruses self-replicate by attaching to another program, boot sector of the HDD, or document.
Types of Viruses
Multipartite virus, macro virus, encryption virus, cavity virus, polymorphic virus, boot-sector virus, etc.
Worm
Automated malware, similar to a virus, that can spread through your network by taking advantage of network vulnerabilities. Unlike a virus, a worm does not require human interaction to spread.
Ransomware
Encrypts your files and holds them for “ransom”. You must pay the attacker to get the decryption key. Ransomware is rampant these days, so make sure you have all your company data backed up and taken off-site regularly! Also, encrypt those tapes before taking them off-site, and transport them in a locked box or case (in case they get lost or stolen).
Scareware
Scares the victim into installing software or performing some action. For example: “Your computer is infected! Click here to remove it.”
Fileless malware
Attack technique that uses existing, built-in OS tools and utilities to launch attacks. This cannot be detected by antivirus or IDS/IPS or be blocked by application whitelisting because there is no malicious signature to look for.
VirusTotal
Free online service that analyzes suspicious files and URLs to detect viruses, trojans, worms, etc. Module 7 of iLabs has a lab for this.
Malware detection techniques
Signature-based, behavior-based, and cloud-based (cloud-based detection sends the files to be scanned up to a cloud-based scanning service).