Section 3: Malware Infections Flashcards
Threat Vector
Method used by an attacker to access a victim’s machine
Attack Vector
Method used by an attacker to gain access to a victim’s machine in order to infect it with malware (the way we get to the machine and how we infect it)
What are the three most common delivery methods for malware infections?
Software, messaging, and media (USB drives, etc.)
What is a watering hole?
Malware is placed on a website that the attacker knows the potential victims will visit
Botnet
A collection of compromised computers under the control of a master node
What is a zombie in a botnet?
A compromised computer, one of several controlled by an attacker from a single computer called a C2, or Command and Control, computer. Attackers use the zombie computers to conduct their attacks so the activity appears to come from the victim's computer, not theirs, and to offload processor-intensive functions.
What is a DDoS?
Distributed Denial of Service attack. The attacker takes control of several machines and has them all make requests simultaneously to take a server down (the same compromised machines can also be used to mine bitcoin).
Active Interception
Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them.
Privilege Escalation
Occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access (think about the demo with EternalBlue)
Backdoors
Used to bypass normal security and authentication functions
What is a Remote Access Trojan?
It is malware placed by an attacker to maintain persistent access.
Easter Egg
Non-malicious code that, when invoked, displays an insider joke, hidden message, or secret feature
Logic Bomb
Malicious code that has been inserted inside a program and will execute only when certain conditions have been met (adjacent to easter eggs) (this is the attack used in Jurassic Park)
Symptoms of infection
The computer is acting strangely: blue screening or locking up, restarting a lot, files or apps can't be accessed anymore, strange noises, unusual error messages, the display looks strange, jumbled printouts, new icons on the desktop, disappearing icons, double file extensions, AV won't run, new files or folders, system restore doesn't work
Removing Malware Common Practices
Identify symptoms of infection
Quarantine the infected system so the infection won't spread (unplug the network cable)
Disable system restore (if you’re using Windows) so no one can take snapshots
Remediate the infected system (reboot into safe mode, scan with AV, and remove the virus)
Schedule automatic updates and scans
Enable system restore and create a new restore point
Provide end user security awareness training