MOD 7 - Malware Threats Flashcards

1
Q

Advanced Persistent Threat

A

Gains access to network and remains undetected for a long period of time. Goal is to obtain sensitive info, rather than causing damage.

2
Q

Trojan

A

Malicious software “wrapped with” or “bound to” other programs or files. Cannot replicate or propagate on its own, so it needs the victim to intentionally install it, unaware there is a malicious “freeloader” attached. Uses a “wrapper” or “binder” program to wrap the malware with some legitimate software. RAT = Remote Access Trojan. Botnet trojans take over the machine and allow it to be remote-controlled.

3
Q

Virus

A

Malicious software that attaches to other programs and files, and spreads through human interaction (e-mail, USB drives, etc.). Requires a host application to replicate (on the same machine). Cannot propagate to other machines without human assistance.
Viruses self-replicate by attaching to another program, boot sector of the HDD, or document.

4
Q

Types of Viruses

A

Multipartite, Macro, Encryption virus, Cavity virus, polymorphic, boot-sector virus, etc.

5
Q

Worm

A

Automated malware, similar to a virus, that can spread through your network by taking advantage of network vulns. Unlike a virus, a worm does not require human interaction to spread.

6
Q

Ransomware

A

Encrypts your files and holds them for “ransom”. You must pay the attacker to give you the decryption key. Ransomware is rampant these days, so make sure you have all your company data backed up and taken off-site regularly! Also, encrypt those tapes before taking them off-site, and transport them in a locked box or case (in case they get lost or stolen).

7
Q

Scareware

A

Scares the victim into installing software or performing some action. For example: “Your computer is infected! Click here to remove it.”

8
Q

File-less malware

A

Attack technique that uses existing, built-in OS tools and utilities to launch attacks. This cannot be detected by antivirus or IDS/IPS or be blocked by application whitelisting because there is no malicious signature to look for.

9
Q

VirusTotal

A

Free online service that analyzes suspicious files and URLs to detect viruses, trojans, worms, etc. Module 7 of iLabs has a lab for this.

10
Q

Malware detection techniques

A

Signature, Behavior, Cloud-based (cloud-based sends the files to be scanned up to a cloud-based scanning service).
