Module 3 Flashcards
Endpoints
- Refers to a network-connected hardware device
- Ex: Computer, smartphone, tablet, wearable fitness tracker, etc.
Malware
- Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
- There are millions of different types of malware (hard to classify)
What are the malware actions used for grouping? (hint 5)
Imprison, Launch, Snoop, Deceive, Evade
What are the two kinds of Imprison?
- Ransomware: Malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid.
- Cryptomalware: Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid.
- New variants of cryptomalware encrypt all files on any network or attached device connected to that computer
What are launch attacks and what are the 3 different kinds?
- Infects a computer to launch attacks on it
- Launch attacks include: Virus, Worm, Bot
Describe the two different types of viruses. Why is one better than the other?
- File-Based Virus: malicious computer code that is attached to a file.
- Ex: Appender infection, armored file-based virus, split infection, mutation
- File-less Virus: A type of malware that takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks.
- Services are called living-off-the-land binaries (LOLBins).
- Fileless is better than file-based because it is harder to detect, easier to infect with, and difficult to defend against
Worm
Type of launch attack
- Malicious program that uses a computer network to replicate. (network viruses)
- A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an OS on the host computer. It then searches for another computer on the network with the same vulnerability
Bot
Type of launch attack
- Bot: An infected computer placed under the remote control of an attacker for the purpose of launching attacks.
- When hundreds, thousands, or even millions of bot computers are gathered into a logical computer network, they create a botnet under the control of a bot herder.
- Infected bot computers receive instructions from a command and control (C&C) structure telling them which computers to attack and how
What is “Snoop” and what are the different types?
Category of malware that spies on its victims
- Two types are spyware and keyloggers
What is spyware and what are the different technologies used by it?
- Tracking software that is deployed without the consent or control of the user.
- Technologies:
- Automatic download software
- Passive tracking technologies
- System-modifying software
- Tracking software
What is a keylogger?
Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard.
What is “Deceive” and what are the different types of software in this category? (hint 3)
- Category of malware that attempts to deceive the user and hide its true intentions
- Includes: potentially unwanted programs (PUPs), Trojans, and remote access Trojans (RATs).
What are Potentially Unwanted Programs (PUPs)?
- Software that users do not want on their computer.
- Often installed along with other programs and are overlooked in the process
Trojan
- An executable program that masquerades as performing a benign activity but also does something malicious.
- Ex: User downloads a calendar program but also installs malware that scans the computer (malicious activity)
Remote Access Trojan (RAT)
Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols.