PM - Section 1.1 Malware Flashcards
Name some malware types
Viruses, crypto-malware (used to encrypt all your data), ransomware, worms, trojan horses, rootkits, keyloggers, adware/spyware, botnets
What is malware?
Malicious software
How do you get malware?
Malware exploits a vulnerability and installs a remote access backdoor.
Your computer must execute a program - an email link, a popup, a drive-by download, or a worm.
What is a virus?
Can propagate from device to device and replicate. Reproduces through file systems or the network. Many are invisible.
What are some types of viruses?
Program viruses - part of an application.
Boot sector viruses
Script viruses - OS-based and browser-based
Macro viruses - common in MS Office.
What is a worm?
A worm is a type of virus that can move itself from one computer to another. No human interaction needed. Uses the network as a transmission medium.
How to stop a worm?
Firewalls
IDS/IPS (Intrusion Detection System / Intrusion Prevention System) can mitigate a worm's effects.
What is the WannaCry worm?
Affects Windows systems. Looks for a vulnerable system and installs EternalBlue. EternalBlue installs a backdoor and downloads WannaCry.
What is ransomware?
The computer is locked and encrypted until you pay a ransom. Can be fake and just be a splash screen.
What is crypto-malware?
Encrypts all data files, but the OS still works; you must pay for the decryption key (uses public key cryptography).
How to avoid a crypto-malware attack?
Have an offline backup of your files. Keep the OS up-to-date.
What is a Trojan Horse?
Pretends to be something else. Doesn’t replicate.
What is a backdoor?
Opens up a channel to allow other malware to get in. Any software could have a backdoor!
What is a RAT?
Remote Access Trojan / Remote Administration Tool
Downloaded with other software and allows admin control. E.g. key logging, screen recording, copying files, installing more malware.
What is a RootKit?
Unix/Linux devices. It modifies the kernel of the OS. Antivirus/anti-malware software cannot find it. It’s invisible to the OS.
What is the Zeus/Zbot malware?
Famous for cleaning out bank accounts.
Now combined with a rootkit, which prevents you from deleting Zbot.
How to protect against RootKit attacks?
Very difficult.
Use a rootkit remover if you find one.
Secure Boot with UEFI BIOS.
What is a keylogger?
Saves all keystrokes to a file to grab passwords, emails, etc. Circumvents encryption protections.
How do you prevent keyloggers?
Use anti-malware.
Firewalls to watch for file transfers.
Keylogging scanner.
What is Adware and Spyware?
Popups that slow down your computer. Makes your computer one big advertisement.
Spyware watches what you are doing - identity theft. Poses as fake security software.
Why is there so much Adware/Spyware?
Money
- Advertising is valuable
- Could hijack and use your CPU
- Spy and find your bank account
How to protect against Adware/Spyware?
Update antivirus/anti-malware software.
Run scans, e.g. with Malwarebytes.
What is a Botnet?
A computer is infected with a virtual robot. Enters through a trojan horse or an OS or app vulnerability.
Waits for commands from the main system. Utilizes DDoS through the power of many.
You can rent time on a botnet to target a website and make something inaccessible for a set amount of time.
What is the ZeuS botnet?
Waited for you to log into your bank, then transferred your credentials to the attackers.
How can you see all the active botnets?
map.lookingglasscyber.com
How can you prevent a botnet?
Keep everything up-to-date.
Prevent C&C (Command and Control) - bots log into chatrooms to wait for commands from the central server.
Block the chatroom at the firewall.
What is a logic bomb?
Malware that waits for a predefined event, often based on time or maybe a backup process.
Often left by someone with a grudge who had admin access.
How do you prevent a logic bomb?
They are very difficult to recognize.
Create processes/procedures with formal change control.
Monitor changes - create alerts and use software like Tripwire to track changes.