Section 5: Malware Flashcards
What is malware?
Malware is malicious software designed to infiltrate computer systems and potentially damage them without user consent.
What are the categories of malware?
The categories of malware include viruses, worms, trojans, ransomware, spyware, rootkits, and spam.
What is a virus?
A virus attaches to clean files, spreads, and corrupts host files.
What is a worm?
A worm is a standalone program that replicates and spreads to other computers without user intervention.
What is a trojan?
A trojan disguises itself as legitimate software but grants unauthorized access when executed.
What is ransomware?
Ransomware encrypts user data and demands ransom for decryption.
What is spyware?
Spyware gathers user and system information without consent.
What is a rootkit?
A rootkit hides the presence and activities of malware on a computer at the operating system level.
What is spam in the context of malware?
Spam refers to unwanted messages often used as a vector to deliver other types of malware.
What is the difference between threat vector and attack vector?
A threat vector is the method used to infiltrate a victim’s machine, while an attack vector is the combination of the infiltration method and the infection process.
What are some types of malware attacks?
Types of malware attacks include viruses, worms, trojans, ransomware, zombies and botnets, rootkits, backdoors and logic bombs, and keyloggers.
What are zombies and botnets?
Zombies are compromised computers controlled remotely, and botnets are networks of these compromised computers used for malicious purposes.
What are indicators of a malware attack?
Indicators of a malware attack include account lockouts, concurrent session utilization, blocked content, impossible travel, resource consumption, and missing logs.
What are the specific types of viruses?
Variants of viruses include boot sector viruses, macro viruses, program viruses, multipartite viruses, encrypted viruses, polymorphic viruses, metamorphic viruses, stealth viruses, armored viruses, and hoax viruses.
What are Remote Access Trojans (RATs)?
RATs are trojans that provide attackers with control over victim machines.
What are preventive measures against ransomware?
Preventive measures include regular backups, software updates, security training, and Multi-Factor Authentication (MFA).
What techniques do rootkits use?
Rootkits use techniques like Dynamic Link Library (DLL) injection and operate at the kernel level for deep access.
What are keyloggers?
Keyloggers are tools that record keystrokes to capture sensitive information and can be either software-based or hardware-based.
What is the difference between spyware and bloatware?
Spyware secretly collects information from users, while bloatware consumes system resources unnecessarily.
What are exploitation techniques in malware?
Exploitation techniques involve malware exploiting vulnerabilities to penetrate and infect systems, sometimes using fileless techniques to evade detection.
What is multi-stage deployment in malware?
Multi-stage deployment involves malware employing multiple stages, such as a ‘dropper’ to initiate infection and a downloader to retrieve additional malicious payloads.
What are some methods for malware prevention and mitigation?
Methods include regular backups, security awareness training, anti-malware solutions, and system monitoring.
