1.1 given a scenario analyze indicators of compromise and determine the type of malware
Spyware
1. A program that monitors users activity and send the information to someone else. This can occur with or without the users knowledge. 2. software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
Trojan horse Malware
A Malicious program hidden within an innocent seeming piece of software . usually , tries to compromise the security of the target computer
Rootkit
A backdoor malware that changes core system files and programming interface, so that Local shell processes no longer reveal their presents.
? For an attacker to perform a distributed denial of service ( DDoS ) attack, which of the following control programs would allow the hacker to compromise devices and turn them into zombies.
A bot or botnet
Crypto malware
A class of ransomware that attempts to encrypt data files. if the attack is successful , the user will be unable to access the files without obtaining the private encryption key , which is held by the attacker for money
? What is the difference between a virus and a worm?
A computer virus is malware that replicates and spreads from computer to computer usually by affecting executable applications or program code. Worms are memory resident viruses that replicate over network resources. A worm is self-contained that is , it does not need to attach itself to another executable file. Both computer viruses and worms replicate and spread from computer to computer throughout an infected network . viruses , not worms replicate by infecting applications. Worms are self contained and do not need to attach themselves to other applications. Both computer viruses and worms replicate and spread from computer to computer throughout and affected area
Rogueware
A fake antivirus , where a web pop-up claims to have detected viruses on the computer and prompts the user to initiate a full scan , which installs the attackers Trojan malware.
? Doing an internal investigation, a security specialist discovered a malicious backdoor script on a system administrators Machine that executes if the admin account becomes disabled. What type of malware did the specialist discover?
A logic bomb
Logic bomb
A malicious program or script that is set to run under particular circumstances or in response to a defined event, such as the admin's account becoming disabled.
Shoulder surfing
A procedure in which attackers often position themselves in such a way as to be able to observe the authorized user entering the correct access code. Stealing a password or pin( or other the secure information ) by watching the user type it
Phishing
A scam wherein an email user is duped into revealing personal or a confidential information that the scammer can use illicitly. An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information like password
Mine malware
A scripted trap that runs in the event an account is deleted or disabled, anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script doing an investigation. The mind would become known once it gets executed and causes damage.
Botnet
A set of computers that has been affected by a control program called a bot, that enables attackers to exploit the computer to mount attacks.
Tailgating
A social engineering technique to gain access to a building by following someone else or ( persuading them to hold the door). Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.
Worm
A type of virus that spreads through memory and network connections, rather than infected files.
Vishing is phishing that involves voice communication.
An electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities using voice technology
Backdoor
Avenues that can be used to access a system while circumventing normal security mechanisms. Method of bypassing security in a system, built in by the system designers.
Remote Access Trojan (RAT)
It functions as a back door, and allow the attacker to access the PC, upload files, and install software on it.
? An attacker compromised A Series of computers with a botnet and installed remote access Trojan (RATs )on them . what else can the attacker now do with this type of malicious network. ?
Launch a mass mail spam attack, establish a connection with a command and control server, launch a distributed denial of service (DDoS) attack.
Keylogging Mitigate
One way to mitigate the effects of key logging is to use a keyboard that encrypts the keystrokes signals before they are sent to the system unit.
R.A.T. Uses
RAT backdoor applications can allow the user to use the computer in a botnet to launch distributed denial of service ( DoS) attacks. RAT back door applications can allow the user to use a computer and a botnet to launch mass mail spam of attacks. RAT must establish connection from the compromise host to a command and control (C2 or C&C) host or network operated by the attacker.
? An attacker installed Malware that removes explorer , Task manager, and power shell from The uses window computer .what type of mail where did the Taca install on the victims host?
Rootkits
Adware
Software that records information about a PC and its user, and usually deploys pop-up of commercial offers and deals. Any type of software that displays commercial offerings and deals. Adware software can have a negative impact on performances and can include accepting a long lease agreement.
Social engineering
The art of deceiving another individual so that they reveal confidential information. this is often accomplished by posing as an individual who should be entitled to have access to the information.
Dumpster diving
The process of going through a targets trash searching for information that can be used in an attack or to gain knowledge about a system on network. a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks.
Piggybacking
The simple tactics of following closely behind a person who has just use their own access card or pin to gain physical access to a room or building . The process of connecting to a wireless network without the permission of the owner of the network.
? A IT staff member used in administrators account to download an in-store a software application after the user launch the.EXE extension installer file, the user receive pop up ads , frequent crashes, slow computer performance, and strange service running when the staff member turns on the computer. What most likely happened to cause this issue?
The user installed Trojan horse malware
? An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange service is running. Which of the following most likely describes what occurred to cause these problems?
The user installed Trojan horse malware.
Reverse social engineering
This technique is similar to social engineering in that attackers are attempting to obtain information that can be used in an attack, but in this case, the attacker uses techniques to convince the target to initiate the contact.
? And attacker used a phishing email to successfully installed a keylogger Trojan onto a victim's computer, To steal confidential information when the Jews the type of information into the webform of a website. How can the user mitigate this threat?
Use a keyboard that encrypts key strokes.
Phishing Scam
a thief trying to trick you into sending them sensitive information. Typically these include emails about system updates asking you send your username and password, social security number or other things.