MODULE 5 Flashcards
Malware:
A program inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system
Backdoor (Trapdoor):
Secret entry point that bypasses security
Mobile code:
Software (a script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics; it becomes a threat when it carries malicious code (e.g., downloaded through a browser)
Auto-rooter:
Malicious hacker tools used to break into new machines remotely
Kit (virus generator):
Set of tools for generating new viruses automatically
Crimeware:
Toolkits (e.g., Zeus) for building and deploying malware, sold to attackers who need not write their own code
Rootkit:
Set of hacker tools installed after an attacker has already gained root (administrator) access, used to hide the attacker's presence and maintain that access
Zombie (Bot):
Program installed on an infected, Internet-attached computer that is activated (usually remotely) to launch attacks on other machines
APT stands for _____
Advanced Persistent Threats
APT:
Well-resourced, persistent application of a wide variety of intrusion technologies and malware to selected targets (usually business or political) over an extended period
Classification of malware (two independent dimensions):
- By propagation: needs a host program (parasitic code, e.g., viruses) vs. independent, self-contained (e.g., worms, Trojan horses, bots)
- By replication: does not replicate (e.g., Trojan horses, spam e-mail) vs. replicates (e.g., viruses, worms)
Attack sources:
- Politically motivated attackers
- Criminals
- Organized crime
- Organizations that sell attack services to companies and nation states
- National government agencies
APT techniques:
- Social engineering
- Spear-phishing
- Drive-by downloads
APT’s intent:
- Infect the target with sophisticated malware that has multiple propagation mechanisms and payloads
- Once a foothold exists, use further tools to maintain and extend access (typically to exfiltrate data or cause damage)
Phases of a typical virus:
- Dormant (Idle)
- Propagation (Copying)
- Triggering (Activating)
- Execution (Performing functions)
Mobile phone worms:
Worms that target smartphones and spread via Bluetooth or MMS (e.g., Cabir, CommWarrior)
Threat mitigation options:
- Detection
- Identification
- Removal
Virus components:
- Infection mechanism
- Trigger
- Payload
Drive-by-download:
Exploiting browser or plug-in vulnerabilities to install malware when the user merely visits a compromised or malicious website, with no further interaction
Watering-hole attack:
Studying the victim's behavior to learn which websites they visit, then compromising those websites (by finding vulnerabilities in them) so that the target is served malware on a normal visit
Malvertising:
Paying for advertisements that carry malware and are displayed on legitimate websites the victim visits, so no website has to be compromised
Clickjacking (UI redress attack):
Using transparent or opaque layers (frames, stylesheets) to collect a user's clicks or keystrokes, so the user believes they are clicking a visible button or typing their password into their bank's page when they are actually interacting with an invisible frame controlled by the attacker
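Clickjacking only works if the attacker's page is allowed to put the target page in a frame, so the practical check is whether the target's response forbids framing. The following is an added example (not part of the original flashcards) that evaluates the two headers browsers honor, X-Frame-Options and the Content-Security-Policy frame-ancestors directive, against a given framing origin. The header sets, bank.example and attacker.example are constructed for illustration.

```python
"""Decide from response headers whether a page can be framed by another origin."""
from urllib.parse import urlsplit


def _origin(url: str) -> str:
    """scheme://host[:port], lower-cased, which is what 'self' and host sources compare against."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def _csp_frame_ancestors(csp: str):
    """Return the source list of the frame-ancestors directive, or None if the CSP has none."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_allowed(headers: dict, page_url: str, framer_url: str) -> bool:
    """True if a page served with `headers` at `page_url` may be framed by `framer_url`.

    Browsers give CSP frame-ancestors precedence over X-Frame-Options when both are
    present, so it is evaluated first. Only 'none', 'self', '*' and exact
    scheme://host entries are handled; wildcard host patterns are out of scope here.
    Note that default-src does NOT govern framing: only frame-ancestors does.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    page_origin, framer_origin = _origin(page_url), _origin(framer_url)

    ancestors = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        if "'none'" in ancestors:
            return False
        if "*" in ancestors:
            return True
        if "'self'" in ancestors and framer_origin == page_origin:
            return True
        return framer_origin in ancestors

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    # No (or unrecognised) anti-framing header: the page is framable from anywhere.
    return True


# Constructed sample responses for the bank's login page (not captured from a real site).
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp_none_overrides_xfo": {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "frame-ancestors 'none'",
    },
}
BANK = "https://bank.example/login"          # hypothetical target
ATTACKER = "https://attacker.example/promo"  # hypothetical attacker page


def clickjackable(name: str) -> bool:
    """Can the attacker's page frame the bank page served with the named header set?"""
    return framing_allowed(SAMPLE_RESPONSES[name], BANK, ATTACKER)


if __name__ == "__main__":
    for name in SAMPLE_RESPONSES:
        print(f"{name:24s} clickjackable={clickjackable(name)}")
```

Only the "unprotected" response is clickjackable; the last case shows why a site should not rely on X-Frame-Options SAMEORIGIN alone when a CSP is also sent, since the CSP directive is what the browser actually applies.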
Payload types:
- Causing system corruption
- Attack agent bots
- Information theft
- Rootkits and backdoors
Klez payload:
Mass-mailing worm whose payload stopped and deleted anti-virus programs on the infected host
Chernobyl payload:
Infects executable files when they are opened; on its trigger date the payload overwrites the first megabyte of the hard disk with zeros (and on some systems rewrites the BIOS), corrupting the system
Ransomware payload:
Encrypts user data to demand payment in order to recover the data
Real-world damage payload:
Damages physical equipment (e.g., Chernobyl rewriting the BIOS, Stuxnet sabotaging industrial control systems)
DDoS stands for _____
Distributed Denial of Service
Bot uses:
- DDoS
- Spam
- Installing advertisement add-ons and browser helper objects
- Manipulating polls
- Spreading malware
- Sniffing
Phishing (identity theft):
Social engineering, usually by e-mail, that masquerades as a trusted source (e.g., a bank) to lure victims into revealing credentials or installing malware
Spear phishing:
Phishing tailored to a specific individual or organization, so the message appears to come from a source the target actually trusts
Main elements of prevention:
- Policy
- Awareness
- Vulnerability mitigation
- Threat mitigation
Requirements for effective malware countermeasures:
- Generality
- Timeliness
- Resiliency
- Minimal denial-of-service costs
- Transparency
- Global/local coverage
Antivirus software generations:
- Simple scanners
- Heuristic scanners
- Activity traps
- Full-featured protection
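The first three generations above differ in what they look for, and the difference is easiest to see on data. The following added example (not part of the original flashcards or of any anti-virus product) runs a simple exact-signature scanner, a heuristic wildcard signature plus integrity check, and an activity trap over constructed samples: a made-up "decoder stub" byte pattern, a trivially altered variant of it, and a made-up event log. It shows why each generation was needed: the exact signature misses the variant, the heuristic signature catches it, and the activity trap catches behavior for which no signature exists at all.

```python
"""Three generations of anti-virus detection on constructed sample data."""
import hashlib

# --- Constructed samples (not real malware) -------------------------------------
CLEAN_PROGRAM = b"MZ" + b"\x90" * 8 + b"int main(){return 0;}"
# Made-up 13-byte "decoder stub"; offsets 6 and 9 hold a loop counter and an XOR key,
# which a variant author would change without touching the rest of the stub.
STUB_A = bytes([0xEB, 0x0E, 0x5E, 0x31, 0xC9, 0xB1, 0x20, 0x80, 0x36, 0x5A, 0x46, 0xE2, 0xFA])
_variant = bytearray(STUB_A)
_variant[6], _variant[9] = 0x24, 0x37
STUB_B = bytes(_variant)
INFECTED_A = CLEAN_PROGRAM + STUB_A   # original strain
INFECTED_B = CLEAN_PROGRAM + STUB_B   # variant with changed counter and key


# --- Generation 1: simple scanner, exact byte signature --------------------------
def simple_scan(data: bytes, signature: bytes = STUB_A) -> bool:
    return signature in data


# --- Generation 2: heuristic scanner: wildcard signature + integrity checking -----
# None means "any byte here"; the two mutable offsets are wildcarded.
WILDCARD_SIG = [0xEB, 0x0E, 0x5E, 0x31, 0xC9, 0xB1, None, 0x80, 0x36, None, 0x46, 0xE2, 0xFA]


def heuristic_scan(data: bytes, signature=WILDCARD_SIG) -> bool:
    n = len(signature)
    for i in range(len(data) - n + 1):
        if all(s is None or data[i + j] == s for j, s in enumerate(signature)):
            return True
    return False


def integrity_check(baseline: dict, current: dict) -> list:
    """Return the names of files whose SHA-256 no longer matches the recorded clean hash."""
    return sorted(name for name, data in current.items()
                  if hashlib.sha256(data).hexdigest() != baseline.get(name))


# --- Generation 3: activity trap over (process, action, target) events -----------
def activity_trap(events) -> list:
    """Flag processes that write into another executable or register themselves to autorun."""
    flagged = set()
    for proc, action, target in events:
        if action == "write" and target.lower().endswith(".exe") and target != proc:
            flagged.add(proc)  # writing into another executable: a virus infection mechanism
        elif action == "set_autorun":
            flagged.add(proc)  # establishing persistence
    return sorted(flagged)


# Constructed event log (hypothetical process and file names).
EVENTS = [
    ("notepad.exe", "write", "notes.txt"),
    ("updater.exe", "write", "updater.exe.tmp"),
    ("invoice.exe", "write", "calc.exe"),
    ("invoice.exe", "set_autorun", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\invoice"),
]


def compare_generations() -> dict:
    baseline = {"calc.exe": hashlib.sha256(CLEAN_PROGRAM).hexdigest()}
    return {
        "gen1_original": simple_scan(INFECTED_A),    # exact signature finds the original strain
        "gen1_variant": simple_scan(INFECTED_B),     # ...but misses the two-byte variant
        "gen2_variant": heuristic_scan(INFECTED_B),  # wildcard signature still matches
        "gen2_clean": heuristic_scan(CLEAN_PROGRAM), # and does not fire on the clean file
        "gen2_integrity": integrity_check(baseline, {"calc.exe": INFECTED_B}),
        "gen3_flagged": activity_trap(EVENTS),       # behavior alone exposes invoice.exe
    }


if __name__ == "__main__":
    for key, value in compare_generations().items():
        print(f"{key:16s} {value}")
```

The integrity check needs no knowledge of the malware at all, only a trusted hash of the clean file, which is why second-generation products paired it with heuristics; the activity trap likewise works on a brand-new strain, at the cost of only seeing the malware once it is already running.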
Host-based behavior-blocking software:
Software that integrates with the host operating system to monitor program behavior in real time for malicious actions (e.g., modifying system files or registry settings, opening network connections) and blocks them before they can affect the system