Types of Malware / Anti-Malware Tools (CompTIA Objective 2.4) Flashcards
What is Ransomware and how does it work?
- A type of malware that locks you out of your computer: when you try to log on you are greeted with a message along the lines of "Your computer has been locked due to a law violation. Please make a payment of $200 to unlock your system."
- May be a fake ransom (locks your computer and claims to be the police, who have "locked" it)
- The bad guys just want your money (they hold your computer hostage in the meantime)
- The ransom can often be avoided: because this older style only locks the screen and does not touch your data, a security professional can usually remove the malware and get you back in.
What is Crypto-malware and how does it work?
- The latest generation of ransomware. Your data is unavailable until you pay.
- Encrypts your data files (pictures, documents, music, movies, etc.) with a key only the attacker holds; the only way to decrypt is to pay the ransom and hope to receive that key. The operating system itself is left working (they want you running, but not working).
- You see a popup (the malware itself) stating that you must pay to decrypt your data. Payment is usually demanded in a cryptocurrency such as Bitcoin; the transactions are pseudonymous and hard to attribute, though not truly untraceable.
- Because of malware like this it is crucial to keep an offline backup image: if you are infected you can wipe everything, restore from the backup and regain access. A backup that stays online and writable from the infected machine will simply be encrypted along with everything else.
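One way to notice crypto-malware at work, as an added example that is not part of the original flashcards or the course: encrypted files have near-maximum byte entropy, so a scanner can flag high-entropy files whose extension is not a format that is expected to be compressed (images, archives, Office files), and look for the ransom note the malware drops. The sample "files", the 7.5-bit threshold, the extension allowlist and the note keywords are all constructed assumptions for this example.

```python
import math
import random
from collections import Counter
from pathlib import PurePosixPath

ENTROPY_THRESHOLD = 7.5          # bits per byte; random/encrypted data sits near 8.0
# Formats that are compressed or encrypted by design and therefore high-entropy when healthy.
COMPRESSED_FORMATS = {".jpg", ".jpeg", ".png", ".gif", ".zip", ".gz", ".7z", ".rar",
                      ".docx", ".xlsx", ".pptx", ".pdf", ".mp3", ".mp4", ".mkv"}
# Substrings ransomware families commonly put in the name of the note they drop (assumption).
NOTE_MARKERS = ("DECRYPT", "RECOVER", "RANSOM")

# Constructed sample file set: in a real scan this would come from walking a directory.
_rng = random.Random(2024)       # seeded so the fake "ciphertext" is reproducible
def _random_bytes(n):
    return bytes(_rng.getrandbits(8) for _ in range(n))

SAMPLE_FILES = {
    "docs/notes.txt": b"Meeting notes: ship the release on Friday. " * 60,   # plain text
    "pics/holiday.jpg": b"\xff\xd8\xff\xe0" + _random_bytes(4096),            # compressed image: high entropy but expected
    "docs/notes.txt.locked": _random_bytes(4096),                              # encrypted, extension appended
    "docs/budget.xlsx.locked": _random_bytes(4096),                            # encrypted, extension appended
    "HOW_TO_DECRYPT.txt": b"Your files are encrypted. Pay to get the key.",    # the ransom note
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty or single-valued input, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, data: bytes) -> bool:
    """High entropy in a file type that should not be high-entropy."""
    ext = PurePosixPath(path).suffix.lower()
    return ext not in COMPRESSED_FORMATS and shannon_entropy(data) >= ENTROPY_THRESHOLD


def looks_like_ransom_note(path: str) -> bool:
    name = PurePosixPath(path).name.upper()
    return any(marker in name for marker in NOTE_MARKERS)


def scan(files: dict) -> dict:
    """Classify each file; returns the suspected-encrypted paths and ransom notes in input order."""
    result = {"encrypted": [], "ransom_notes": []}
    for path, data in files.items():
        if looks_like_ransom_note(path):
            result["ransom_notes"].append(path)
        elif looks_encrypted(path, data):
            result["encrypted"].append(path)
    return result


def ransomware_suspected(files: dict, min_encrypted: int = 2) -> bool:
    """A note, or several unexpectedly encrypted files, is enough to raise the alarm."""
    r = scan(files)
    return bool(r["ransom_notes"]) or len(r["encrypted"]) >= min_encrypted


if __name__ == "__main__":
    for path, data in SAMPLE_FILES.items():
        print(f"{path:28s} entropy={shannon_entropy(data):.2f}")
    print(scan(SAMPLE_FILES))
    print("ransomware suspected:", ransomware_suspected(SAMPLE_FILES))
```

The JPEG is deliberately not flagged even though its entropy is as high as the encrypted files: that is the trade-off this heuristic makes, and why real products combine it with the extension change and the appearance of a note rather than relying on entropy alone.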
What is Trojan horse malware and how does it work?
- Named for the Greeks' trick to capture Troy: they presented a wooden horse as a gift, the Trojans brought it inside their walls, and the soldiers hidden inside opened the city to the Greek army.
- A Trojan horse is basically a digital wooden horse.
- The malware poses as something safe and useful (a game, a utility, a "codec") and, behind the scenes, infects you so that it can take over your computer.
- Circumvents your existing security because you, the user, choose to install it. Anti-virus may catch it when it runs, but the better Trojans are built to avoid and disable AV.
- Once it is inside your system it has free rein and may open the gates for other programs (downloaders, backdoors, botnet clients).
What is Spyware and what does it do?
- Malware that spies on you (advertising, identity theft, affiliate fraud)
- Tricks you into installing it (bundled with peer-to-peer software, fake security software) and installs in a Trojan-like fashion.
- Monitors your browsing habits.
- In some instances includes a keylogger to capture usernames and passwords used online and send them on to the "mother ship".
What are keyloggers and how do they work?
- Your keystrokes contain valuable information (website login URLs, passwords, email messages, etc.)
- A keylogger captures what you type and picks out your usernames, passwords, etc. More powerful ones save all of your input and send it to the bad guys.
- Circumvents encryption protections: TLS protects the data on the wire, but keystrokes are captured before they are ever encrypted, so they are in the clear.
- Variants log other kinds of data: clipboard contents, screenshots, instant messages, search engine queries, etc.
What is a rootkit and what does it do?
- A very serious type of malware
- Originally a Unix technique (the "root" in rootkit)
- Modifies core system files, including parts of the kernel
- Usually not a normal application: it becomes part of the operating system itself and can be invisible to it (you won't see it running in Task Manager), which makes it extremely dangerous.
- Also invisible to traditional anti-virus utilities, because they rely on the compromised OS to read files and list processes (if you can't see it, you can't stop it). Scanning from trusted boot media, or comparing two independent views of the system, is how you get around this.
- Fortunately rootkits are relatively rare
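The "won't see it in Task Manager" property is what cross-view detection exploits. As an added example (not part of the original flashcards or the course), the following Linux-only script takes two views of the process table, the PIDs that appear when /proc is listed and the PIDs the kernel acknowledges when each one is probed directly with kill(pid, 0), and reports anything the listing omits. It assumes Linux with /proc mounted; the confirmation pass that re-lists /proc is there to rule out processes that were simply created between the two views.

```python
import os

PROC = "/proc"


def listed_task_ids(proc=PROC):
    """View 1: every PID and thread ID the /proc directory listing reports.
    Thread IDs are included so a multi-threaded process is not mistaken for hidden PIDs."""
    seen = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        seen.add(int(name))
        try:
            seen.update(int(t) for t in os.listdir(f"{proc}/{name}/task") if t.isdigit())
        except OSError:
            pass  # the process exited between the two listdir calls
    return seen


def pid_max(proc=PROC):
    """Upper bound for the probe; falls back to the classic default if unreadable."""
    try:
        with open(f"{proc}/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


def probed_task_ids(upper):
    """View 2: ask the kernel about each PID directly. kill(2) with signal 0 sends nothing
    and only reports whether the task exists, so a rootkit that filters readdir() on /proc
    but does not hook kill() still answers truthfully here."""
    found = set()
    for pid in range(1, upper + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # no such task
        except PermissionError:
            pass              # exists but belongs to another user: still counts
        found.add(pid)
    return found


def hidden_pids(listed, probed):
    """Tasks the kernel acknowledges but the directory listing omits (pure function, testable)."""
    return sorted(probed - listed)


def find_hidden(proc=PROC):
    candidates = hidden_pids(listed_task_ids(proc), probed_task_ids(pid_max(proc)))
    relisted = listed_task_ids(proc)   # second listing: a brand-new process shows up here
    confirmed = []
    for pid in candidates:
        if pid in relisted:
            continue                   # created after the first listing, not hidden
        try:
            os.kill(pid, 0)
            confirmed.append(pid)
        except ProcessLookupError:
            pass                       # exited in the meantime
        except PermissionError:
            confirmed.append(pid)
    return confirmed


if __name__ == "__main__":
    print("hidden PIDs:", find_hidden())   # expect [] on a clean system
```

Probing the full range (pid_max is often 4194304 on current kernels) takes a few seconds. The caveat is the same one the card makes: a kernel rootkit that hooks kill() as well as the /proc listing defeats this from inside the running OS, which is why the definitive check is done from trusted boot media.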
What does the term Virus mean?
- Often used loosely as a generic term for any malware, but strictly a virus is:
- Malware that reproduces itself (with your assistance, of course)
- It needs you to execute a program/application
- Reproduces through file systems or the network; just running an infected program can spread it.
- May or may not cause visible problems (some viruses are invisible, some are annoying, some are destructive)
- Anti-virus is very common, but thousands of new viruses appear every week. Is your signature file updated?
What are the various types of viruses?
- Program viruses (part of an application or its installer)
- Boot sector viruses (who needs an OS? They load before it does)
- Script viruses (operating system and browser based, such as taking advantage of JavaScript inside your browser)
- Macro viruses (common in Microsoft Office; written in VBA and triggered automatically when a document is opened). Can delete your data or send your files to a third party.
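What makes a macro virus dangerous is that VBA provides entry points that run as soon as the document opens, with no click, and system calls that can drop a payload or delete files. As an added example (not part of the original flashcards or the course), here is a small keyword triage of VBA source along the lines of what the oletools olevba utility does on real Office files: it looks for auto-execute procedures, for calls that reach outside the document, and for heavy Chr() use that hides strings. Both VBA samples are constructed, and the keyword lists, the Chr() count cutoff and the scoring are assumptions for this example.

```python
import re

# VBA entry points that run automatically when the document opens or closes (assumption: a common subset).
AUTO_EXEC = ("AutoOpen", "AutoExec", "AutoClose", "Auto_Open", "Auto_Close",
             "Document_Open", "Document_Close", "Workbook_Open")
# Calls a macro needs in order to download, launch or destroy something.
SUSPICIOUS_CALLS = ("Shell", "CreateObject", "WScript.Shell", "URLDownloadToFile",
                    "Environ", "Kill", "FileCopy", "powershell", "cmd.exe")

AUTO_EXEC_RE = re.compile(r"\b(?:Sub|Function)\s+(" + "|".join(map(re.escape, AUTO_EXEC)) + r")\b",
                          re.IGNORECASE)
# Negative lookbehind on "." keeps "WScript.Shell" from also counting as a bare "Shell".
CALL_RE = re.compile(r"(?<![\w.])(" + "|".join(map(re.escape, SUSPICIOUS_CALLS)) + r")(?!\w)",
                     re.IGNORECASE)
CHR_RE = re.compile(r"\bChr[W$]?\s*\(", re.IGNORECASE)
CHR_CUTOFF = 5   # this many Chr() calls in one macro is string obfuscation (assumption)

# Constructed sample: a harmless formatting helper the user runs on purpose.
BENIGN_VBA = """\
Sub FormatTable()
    Selection.Font.Bold = True
    Selection.ParagraphFormat.Alignment = wdAlignParagraphCenter
End Sub
"""

# Constructed sample: runs on open, builds a command from Chr() codes, launches it
# through WScript.Shell and deletes the user's documents. The payload is a placeholder.
MALICIOUS_VBA = """\
Sub AutoOpen()
    Dim cmd As String
    cmd = Chr(112) & Chr(111) & Chr(119) & Chr(101) & Chr(114) & Chr(115) & Chr(104) & Chr(101) & Chr(108) & Chr(108)
    Set sh = CreateObject("WScript.Shell")
    sh.Run cmd & " -w hidden -c <payload placeholder>", 0
    Kill Environ("USERPROFILE") & "\\Documents\\*.docx"
End Sub
"""


def analyze_vba(source: str) -> dict:
    """Keyword triage of one macro module; returns the evidence and a verdict."""
    auto = sorted({m.group(1) for m in AUTO_EXEC_RE.finditer(source)}, key=str.lower)
    calls = sorted({m.group(1) for m in CALL_RE.finditer(source)}, key=str.lower)
    chr_count = len(CHR_RE.findall(source))
    obfuscated = chr_count >= CHR_CUTOFF
    score = 3 * bool(auto) + len(calls) + 2 * obfuscated
    if auto and (calls or obfuscated):
        verdict = "suspicious"      # runs by itself AND does something a document never needs to
    elif calls or obfuscated:
        verdict = "review"          # capable, but needs the user to run it
    else:
        verdict = "benign"
    return {"auto_exec": auto, "calls": calls, "chr_count": chr_count,
            "obfuscated": obfuscated, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_VBA), ("malicious", MALICIOUS_VBA)):
        print(label, analyze_vba(src))
```

Real documents need the VBA extracted from the OLE or OOXML container first (olevba does that); the triage itself is the same, and the reason "auto-exec plus system call" is the strongest signal is exactly the card's point: the macro fires without the user doing anything.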
What are Worms? And what makes them more dangerous than your standard type of malware?
- Malware that replicates itself without user intervention
- Doesn't need you to do anything
- Uses the network as its transmission medium, typically by exploiting a vulnerability in a service that is listening on the victim
- Self-propagates and spreads quickly
- Worms are pretty bad (can take over many systems very quickly)
- Firewalls and IDS/IPS can mitigate many worm infestations at the perimeter, but that doesn't help much once the worm is already inside the network.
What is the Wannacry Worm? And what does it do?
- A worm (May 2017) that infects multiple systems with ransomware.
- Vulnerable systems are found by scanning the network for SMB (TCP port 445) and exploited with EternalBlue, an SMBv1 exploit; this installs a backdoor (DoublePulsar) which then downloads the WannaCry payload. Systems patched with MS17-010, or with SMBv1 disabled, could not be exploited.
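The network footprint of a worm like this is one host opening SMB connections to a large number of neighbours in a short time, which is what a perimeter firewall or IDS can key on. As an added example for the worm and WannaCry cards (not part of the original flashcards or the course), the following detection runs over constructed firewall log lines and flags any source that reaches a configurable number of distinct destinations on port 445 within a sliding window. The log format, the 60-second window and the threshold of 20 hosts are assumptions for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed log format: ISO timestamp followed by key=value fields.
LOG_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
                    r"proto=(?P<proto>\w+) action=(?P<action>\w+)")


def parse_line(line: str):
    """One log line to a dict with an epoch timestamp, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    return {"ts": ts, "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "action": m["action"]}


def scanning_hosts(lines, port=445, window=60.0, threshold=20):
    """Sources that contacted >= threshold distinct hosts on `port` within any `window` seconds.
    Returns {src: peak distinct-destination count}. Denied and allowed attempts both count,
    because a worm keeps knocking whether or not the door opens."""
    per_src = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e and e["dport"] == port:
            per_src[e["src"]].append((e["ts"], e["dst"]))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        live = Counter()     # destinations inside the current window, with multiplicity
        left = 0
        for t, dst in events:
            live[dst] += 1
            while t - events[left][0] > window:      # slide the left edge forward
                old = events[left][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                left += 1
            if len(live) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(live))
    return flagged


# Constructed sample traffic.
def _line(sec, src, dst, dport=445, action="deny"):
    return f"2017-05-12T14:03:{sec:02d}Z src={src} dst={dst} dport={dport} proto=tcp action={action}"

SAMPLE_LOG = (
    [_line(i, "10.0.0.5", f"10.0.1.{i + 1}") for i in range(30)]                        # one host sweeps 30 neighbours in 30 s
    + [_line(i * 7, "10.0.0.9", "10.0.1.50", action="allow") for i in range(8)]          # normal file-server use: one peer, many connections
    + [_line(i * 5, "10.0.0.9", f"10.0.2.{i + 1}", dport=443, action="allow") for i in range(10)]  # web browsing, not SMB
)


if __name__ == "__main__":
    print(scanning_hosts(SAMPLE_LOG))   # the sweeping host, with its peak fan-out
```

Note the two things the rule deliberately ignores: the file-server user makes eight SMB connections but to a single peer, and the browsing host talks to many peers but on 443. Fan-out on the exploited port, not volume, is the worm signature; inside the network this is the same logic an IDS or a NetFlow-based detection applies.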
What are Botnets and how do they work?
- Robot networks (Skynet is self-aware) that perform automated functions
- Once your machine is infected it becomes a bot (you may not even know)
- Botnets get onto your computer via something like a Trojan horse ("I just saw a funny video of you! Click here"), a program or ad you THOUGHT was legit, or an OS or application vulnerability.
- After installation it lives the life of a bot: sits around and waits for instructions from a "mother ship" (the command-and-control server), checking in with it on a schedule.
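A bot waiting for orders has to check in with the mother ship, and it usually does so on a timer, which leaves a regular rhythm in the outbound connection logs that a person browsing never produces. As an added example (not part of the original flashcards or the course), the following beaconing check groups connections by source and destination, measures how regular the gaps between them are, and flags pairs with enough connections and very low jitter. The connection records are constructed, and the minimum count and the jitter cutoff are assumptions for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1_700_000_000   # constructed epoch base for the sample timestamps


def beacon_candidates(conns, min_count=8, max_cv=0.10):
    """conns: iterable of (epoch_seconds, src, dst).
    Returns {(src, dst): {"count", "period", "jitter"}} for pairs whose inter-connection gaps
    are regular: coefficient of variation (stdev / mean) at or below max_cv."""
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)

    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue                       # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        cv = pstdev(gaps) / period if period > 0 else float("inf")
        if cv <= max_cv:
            found[pair] = {"count": len(times), "period": round(period), "jitter": round(cv, 3)}
    return found


# Constructed sample connection log.
def _bot_times(n=12, period=300):
    # A bot checking in every five minutes, arriving 0, 2 or 4 seconds late.
    return [BASE + period * i + 2 * (i % 3) for i in range(n)]

def _human_times():
    gaps = [5, 40, 600, 3, 1200, 90, 7, 350, 20]   # a person clicking around: no rhythm
    times = [BASE]
    for g in gaps:
        times.append(times[-1] + g)
    return times

SAMPLE_CONNECTIONS = (
    [(t, "10.0.0.7", "203.0.113.10") for t in _bot_times()]      # the bot and its C2 server
    + [(t, "10.0.0.3", "198.51.100.20") for t in _human_times()]  # an ordinary user and a web site
    + [(BASE + 10, "10.0.0.3", "192.0.2.5"), (BASE + 70, "10.0.0.3", "192.0.2.5")]  # too few to judge
)


if __name__ == "__main__":
    for pair, info in beacon_candidates(SAMPLE_CONNECTIONS).items():
        print(pair, info)
```

Real bots add random sleep to blur exactly this signal, and many check in over HTTPS or DNS to look like ordinary traffic, so the jitter cutoff is a tuning knob rather than a constant; the structural point survives, though: the bot must call home, and a timer is the simplest way to do it.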
When it comes to anti-virus and anti-malware, what is important to know?
- You need both!
- Use the real-time option (not just an on-demand scan)
- Modern anti-malware recognizes malicious behavior, so it does not depend on having a specific signature for each sample
What is the Windows Recovery Environment and what is it used for?
- Very powerful
- Gives you access to the system when malware is preventing you from booting or logging in normally
- Note that it can be very dangerous and should be a last resort: you can accidentally cause permanent data loss or damage the system
- Provides complete control (fix your problems before the operating system starts), including removing malicious software
- Requires additional knowledge. From here you can use, copy, rename or replace operating system files and folders; enable or disable service or device startup; and repair the file system boot sector or the master boot record (MBR)
How would you access the Windows Recovery Environment console?
- In Windows 7, boot from the installation media, or press F8 during startup to open the Advanced Boot Options menu and choose "Repair Your Computer".
- You will then see the System Recovery Options, which include a Command Prompt.
- In Windows 8/8.1 and Windows 10, boot from the installation media, choose "Repair your computer", then Troubleshoot / Advanced Options / Command Prompt.
What is one of the BEST ways to recover from Malware?
- Backup/Restore
- Always have a backup (the best insurance policy ever), and keep it offline so the malware can't reach it
- An image backup tool is built into Windows. In Windows 8.1 and 10 it is still labeled "Backup and Restore (Windows 7)" in Control Panel.
- Wiping the system and restoring from a known-clean image is the only way to be 100% sure the malware is gone. Seriously, cleaning isn't 100%.