Types of Malware Flashcards
Ransomware
- The bad guys want your money
- They’ll take your computer in the meantime
- May be a fake ransom
- Locks your computer “by the police”
- The ransom may be avoided
- A security professional may be able to remove these kinds of malware
Crypto-malware
- New generation of ransomware
- Your data is unavailable until you provide cash
- Malware encrypts your data files
- Pictures, documents, music, movies, etc.
- Your OS remains available
- They want you running, but not working
- You must pay the bad guys to obtain the decryption key
- Untraceable payment system
- An unfortunate use of public-key cryptography
Trojan horse
- Used by the Greeks to capture Troy from the Trojans
- A digital wooden horse
- Software that pretends to be something else
- So it can conquer your computer
- Doesn’t really care much about replicating
- Circumvents your existing security
- Anti-virus may catch it when it runs
- The better trojans are built to avoid and disable AV
- Once it’s inside it has free rein
- And it may open the gates for other programs
Spyware
- Malware that spies on you
- Advertising, identity theft, affiliate fraud
- Can trick you into installing
- Peer to peer, fake security software
- Browser monitoring
- Capture surfing habits
- Keyloggers
- Capture every keystroke
- Send it back to the mother ship
Keyloggers
- Your keystrokes contain valuable information
- Web site login URLs, passwords, email messages
- Save all of your input
- Send it to the bad guys
- Circumvents encryption protections
- Your keystrokes are in the clear
- Other data logging
- Clipboard logging, screen logging, instant messaging, search engine queries
Rootkits
- Originally a Unix technique
- The “root” in rootkit
- Modifies core system files
- Part of the kernel
- Can be invisible to the operating system
- Won’t see it in Task Manager
- Also invisible to traditional anti-virus utilities
- If you can’t see it, you can’t stop it
Virus
- Malware that can reproduce itself
- It doesn’t need you to click anything
- It needs you to execute a program
- Reproduces through file systems or the network
- Just running a program can spread a virus
- May or may not cause problems
- Some viruses are invisible, some are annoying
- Anti-virus is very common
- Thousands of new viruses every week
- Is your signature file updated?
Virus types
- Program viruses
- It’s part of the application
- Boot sector viruses
- Who needs an OS?
- Script viruses
- Operating system and browser-based
- Macro viruses
- Common in Microsoft Office
Worms
- Malware that self-replicates
- Doesn’t need you to do anything
- Uses the network as a transmission medium
- Self-propagates and spreads quickly
- Worms are pretty bad things
- Can take over many systems very quickly
- Firewalls and IDS/IPS can mitigate many worm infestations
- Doesn’t help much once the worm gets inside
Botnets
- Robot networks
- Skynet is self-aware
- Once your machine is infected, it becomes a bot
- You may not even know
- How does it get on your computer?
- Trojan Horse (I just saw a funny video of you! Click here.) or you run a program or click an ad you THOUGHT was legit, but…
- OS or application vulnerability
- A day in the life of a bot
- Sit around. Check in with the mother ship. Wait for instructions.
Which of the following enables troubleshooting a malware-infected system that doesn’t boot up?
Recovery console
Which of the following would be the best malware-prevention method/tool?
End user education
Which of the following statements apply to the definition of a computer virus?
A self-replicating computer program containing a malicious segment
Requires its host application to be run to make the virus active
Attaches itself to an application program or other executable component
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as
Rootkit