CEH CH 5: Key Terms
dynamic analysis
The act of analyzing software or programs while they are executing. Dynamic analysis also relates to the monitoring and analysis of computer activity and network traffic during malware analysis.
dropper
A Trojan horse or program designed to drop a virus to the infected computer and then execute it.
virus
A computer program with the capability to generate copies of itself and thereby spread. Viruses require the interaction of an individual to activate and can have rather benign results, such as flashing a message to the screen, or rather malicious results that destroy data, systems, integrity, or availability.
backdoor
A piece of software that allows access to a computer without using the conventional security procedures. Backdoors are often associated with Trojans.
Trojan
A program disguised as legitimate software but designed to covertly do something malicious or nefarious.
worm
A self-replicating program that spreads by inserting copies of itself into other executable code, programs, or documents. Worms typically flood a network with traffic and result in a denial of service.
Tini
A small Trojan program that listens on port 777.
keylogger (keystroke logger)
A tool that an attacker uses to capture user keystrokes in a system to steal sensitive data (including credentials). There are two main types of keyloggers: keylogging hardware devices and keylogging software. A hardware (physical) keylogger is usually a small device that can be placed between a user's keyboard and the main system. Software keyloggers are dedicated programs designed to track and log user keystrokes.
ransomware
A type of malware that encrypts all files until a payment is made.
wrapper
A type of program used to bind a Trojan program to a legitimate program. The objective is to trick the user into running the wrapped program and installing the Trojan.
CVSS (Common Vulnerability Scoring System)
An industry standard that was created by security practitioners in the Forum of Incident Response and Security Teams (FIRST) to provide the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
covert channel
An unintended communication path that enables a process to transfer information in a way that violates a system's security policy.
spyware
Any software application that covertly gathers information about a user's Internet usage and activity and then exploits this information by sending adware and pop-up ads similar in nature to the user's Internet usage history.
crypter
Software used to encrypt malware. Some crypters obscure the contents of the Trojan by applying an encryption algorithm. Crypters can use anything from AES and RSA to Blowfish, or they might use more basic obfuscation techniques, such as XOR, Base64 encoding, or even ROT13.
static analysis
The analysis of software that is performed without actually executing programs. Static analysis is different from dynamic analysis, which is analysis performed on programs while they are "running" or executing. Static analysis makes use of disassemblers and decompilers to format the data into a human-readable format. It is also a technique used in malware analysis.
social engineering
The practice of tricking people into revealing sensitive data about their computer system or infrastructure. This type of attack targets people and is the art of human manipulation. Even when systems are physically well protected, social engineering attacks are possible.
denial of service (DoS)
The process of having network resources, services, and bandwidth reduced or eliminated because of unwanted or malicious traffic. The goal of a DoS attack is to render the network or system nonfunctional. Some examples include Ping of Death, SYN flood, IP spoofing, and Smurf attacks.
port redirection
The process of redirecting one protocol from an existing port to another.