Section 2: Malware Flashcards
What is malware?
Software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent.
- Viruses
- Worms
- Trojans
- Ransomware
- Spyware
- Rootkits
- Spam
What is a Virus?
Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.
- requires the user’s action in order to reproduce and spread
What are the 10 types of viruses?
- Boot Sector Virus
- Macro Virus
- Program Virus
- Multipartite Virus
- Encrypted Virus
- Polymorphic Virus
- Metamorphic Virus
- Stealth Virus
- Armoured Virus
- Hoax Virus
What is a Boot Sector Virus?
Virus that is stored in the first sector of a hard drive and is loaded into memory upon boot up
- difficult to detect
- installed before OS boots up
- needs a specific AV that looks for boot sector viruses to find it
What is a Macro Virus?
Virus that is embedded into a document and is executed when the document is opened by a user
- Word / PowerPoint / Excel
- macros are not malicious by themselves; they are used to perform many useful functions in a short period of time
- Excel, for example, can have macro code that makes calculations faster. But because you can add code to that macro, bad guys can take advantage of this and add malicious code
What is a Program Virus?
A virus that infects an executable or an application
- Every time you open an application or execute the program, you load the virus
What is a Multipartite Virus?
Combination of a Boot Sector virus and a Program virus. It attaches itself to the boot sector and system files before attacking other files on the computer
- allows for persistence
- you can find the program virus within Windows, but not the boot sector virus. Every time you reboot, it will reinstall into Windows again
What is an Encrypted Virus?
A virus that uses a cipher to encrypt its contents to avoid detection by any AV
What is a Polymorphic Virus?
An advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection
- morphs the way its code looks so that a signature-based AV cannot detect it anymore
What is a Metamorphic Virus?
Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of a polymorphic virus)
What is a Stealth Virus?
It is a subcategory of viruses that have mechanisms to stay undetected or protect themselves
- Encrypted, Polymorphic, Metamorphic
What is an Armoured Virus?
A virus that has a layer of protection to confuse a program or person analysing it
What is a Hoax Virus?
Not necessarily a real virus; instead, something that tries to trick a user into infecting their own machine
- message or website popup
- phone call from someone pretending to work for Microsoft (“follow these steps to remove the virus”)
- “install this type of software to get rid of the virus”
- allowing remote access to your machine
What is a Worm?
A piece of malicious software, like a virus, but able to replicate and spread without user interaction
- they take advantage of security holes in the OS
- can move from victim to victim, network to network, and across the world
- can cause disruption to network traffic and computing activities
- can cause a system to crash
What does a Worm use within a system?
- Computing power
- Processing power
- Memory
- Network traffic
What is a Trojan?
Malicious software that is disguised as a piece of harmless or desirable software
- they perform the desired functions but also a malicious function on top
What is a RAT?
Remote Access Trojan
- provides the attacker with remote control of a victim’s computer and is the most commonly used type of trojan
What is Ransomware?
Malware that restricts access to a victim’s computer system until a ransom is received
- uses vulnerabilities in your software to gain access and then encrypts your files
- essentially blackmail and extortion
What is Spyware?
Malware that secretly gathers information about the user without their consent
- installed from a website or 3rd-party software
- best case - goes through all the information on your system and builds a profile about you
- worst case - includes a key logger
- very best case - it is just Adware, which displays advertisements based upon its spying on you
What is a Key Logger?
Malware that captures the victim’s keystrokes and takes screenshots for the attacker
What is Adware?
Specific type of spyware that displays adverts to you based on what you searched for
What is a Grayware (Jokeware)?
Software that is neither benign nor malicious and tends to behave improperly without serious consequences
- not good or bad, just in the middle
- example - crazy mouse, which makes your mouse jump around everywhere on your screen
What is a Rootkit?
Software designed to gain administrative level control over a system without being detected
Which Ring level does the Rootkit sit?
Ring 1, or Ring 0 preferably
In which Ring can you find Kernel-Mode?
Ring 0
In which Ring can you find User privileges?
Ring 3
In which Ring can you find Administrator privileges?
Ring 1
What does the Kernel-Mode control?
- Sound cards
- Monitors
- Drivers, etc.
What is a DLL?
Dynamic Link Library
What does a DLL do?
It is a library that contains code and data that can be used by more than one program at the same time
What is a DLL Injection?
A technique rootkits use to maintain their persistent control
- inserting malicious code into a running process on a Windows machine by taking advantage of DLLs that are loaded at run time
What is Driver Manipulation?
An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
What is a Shim?
Piece of software code that is placed between two components to intercept calls and redirect them.
The rootkit allows an interception to happen between the Windows OS and a DLL and then redirects that code, which includes the malicious code embedded within
When are Rootkits activated?
Before the operating system boots up; they are difficult to detect
What is the best way to detect a rootkit?
Boot up from an external device, and then scan the internal hard drive of the infected device
What is Spam?
Activity that abuses electronic messaging, most commonly email
- texting
- social media
- broadcast media
- instant messaging
How can spammers exploit organisations’ email servers?
By exploiting their Open Mail Relays to send messages
- These servers can send emails on behalf of others; spammers take advantage of that
Which Law deems spamming illegal?
CAN-SPAM Act of 2003
- Controlling the Assault of Non-Solicited Pornography and Marketing Act
What is SPIM (IM SPAM)?
Spam over Instant Messaging
- text messages
- Facebook chat
- chat room inside games