Week 7 - Malware Flashcards
What is Malware?
Malware is software designed to perform malicious activities on a computer.
What is zero day malware?
Malware that exploits vulnerabilities that have not been patched yet.
What are the 3 types of Malware?
Viruses, trojans and worms.
What is a virus?
Malicious executable code that multiplies itself by attaching to a host document.
What is a polymorphic virus?
A polymorphic virus mutates as it spreads to avoid detection, making it harder to identify using signature-based antivirus software.
It leaves a signature to indicate a file has been infected.
What are the three main parts of a virus?
- Concealment (hiding from detection)
- Propagation (spreading to other files)
- Payload (carrying out malicious actions)
What is a logic bomb virus?
A logic bomb virus activates when specific conditions are met.
e.g. deleting files after a certain event occurs.
What is a time bomb virus?
A time bomb virus activates at a specified time or date.
How else can we classify viruses?
Based on the infection mechanism: it could be a file infector, boot sector, email virus, or operating system infection mechanism.
What is a worm?
A self-replicating malware program that spreads across networks without human interaction.
What is a trojan?
Malware disguised as a harmless program that hides malicious software, such as keyloggers, or creates a backdoor for attackers.
What are the three main areas of malware prevention and detection?
- Increasing user awareness (avoidance of downloading suspicious files)
- Technical solutions (intrusion detection, firewalls)
- Antivirus software (identifies and removes malware from an infected computer)
How does antivirus work?
Use of virus dictionaries to search every file for known virus signatures.
Requires regular updates and is not effective against polymorphic viruses.
What is an integrity checker?
Alerts the user when a very old file has been recently modified. Helps detect damage caused by viruses, but not before the infection happens.
What is activity monitoring in antivirus software?
Monitoring the activities of all programs and looking for suspicious behaviour (file modification, boot-up taking longer than usual).
What is quarantining in activity monitoring?
Where the suspected file is placed into a new location where it can’t impact the system.
e.g. sandbox - a secure environment isolated from the OS.
What is a tarpit in cybersecurity?
A security mechanism that intentionally delays network connections to a server, slowing down malware spread.
How do tarpits help in mitigating worm infections?
Slows the spread of worms by increasing the time it takes for infected packets to reach new hosts.
How do tarpits help mitigate Denial of Service (DoS) attacks?
Slows down the response time for each incoming HTTP request in a DoS attack, without impacting legitimate users, thus slowing the DoS attack.
What is a honeypot in cybersecurity?
A decoy computer system that is set up to attract attackers. It contains no valuable information.
How do honeypots help gather information about attackers?
Appears to contain valuable information to lure attackers, allowing defenders to gather information about attackers’ methods and intentions.
What are the two types of Malware Analysis?
Static and dynamic.
What is static analysis?
Examining files for malicious intent without running the code.
How do we use static analysis?
Tools like disassemblers and network analysers are used to look at file names, hashes and IP addresses.
What is a limitation of static analysis?
May miss complicated malware that only shows malicious behaviour during runtime.
What is dynamic analysis in malware detection?
Executes suspected files in a controlled environment (sandbox).
What is a limitation of dynamic analysis?
Attackers have become skilled at detecting sandboxes and will use techniques to hide malicious code inside the sandbox.
How do we use dynamic analysis?
Allows security professionals to observe malware behaviour without letting it affect the system or network, obtaining an understanding of the malicious code’s behaviour.