Security+ Chapter 1
Armored Virus
The aim of an armored virus is to make detection difficult. As their name suggests, armored viruses go one step further by making it difficult to analyze their functions, thus creating a metaphorical layer of armor around the virus. They use various methods of operation; most notably, they try to prevent disassembly and debugging.
Stealth Virus
This memory-resident virus also uses techniques to avoid detection, such as temporarily removing itself from an infected file or masking a file's size. For example, a stealth virus removes itself from an infected file and places a copy of itself in a different location.
Macro Virus
This type of virus is inserted into a Microsoft Office document and emailed to unsuspecting users. A macro virus uses macro language and executes when the document opens.
Downloader Trojan
Downloader Trojans download additional, often malicious software onto infected systems.
Remote Access Trojan
A backdoor Trojan installed on a system to allow a remote attacker to take control of the targeted system. When it is executed, it provides a remotely accessible backdoor for an attacker to covertly monitor the system or easily gain entry. This approach is similar to remote control programs (like Remote Desktop) and is not itself malicious; only the Trojan component is, because it is installed without the victim's knowledge.
Bot
A bot, short for "robot", is an automated computer program that needs no user interaction. Bots are systems that outside sources can control. A bot provides a spam or virus originator with a venue to propagate. Many computers compromised in this way are unprotected home computers.
Botnet
A botnet is a large number of computers that forward transmissions to other computers on the Internet. It is also referred to as a "zombie army". These computers can be programmed to conduct a distributed denial-of-service (DDoS) attack, distribute spam, or perform other malicious acts. A main issue with botnets is that they are well hidden.
Crypto-Malware
A form of ransomware, crypto-malware is specifically designed to find potentially valuable data on a system and encrypt it. It generates encryption keys and stores the private key on a command and control server. It then threatens to delete the private key, which is needed to decrypt the files and restore access, if the user does not pay.
Logic Bomb
A logic bomb is a virus or Trojan horse designed to execute malicious actions when a certain event occurs or after a certain period of time. For a virus to be considered a logic bomb, the user of the software must be unaware of the payload. For example, it may be created to delete all the code from the server after a certain date. A logic bomb is also referred to as slag code and is usually planted by a disgruntled employee.
Multipartite Virus
A multipartite virus infects executable files and also attacks the master boot record of the system. If the boot sector is not cleaned along with the infected files, the files can easily be infected again.
Polymorphic Virus
A polymorphic virus can change its form or signature each time it is executed, to avoid detection. Each time a polymorphic virus infects a new file or system, it changes its code. As a result, detecting the malware becomes difficult without an identifiable pattern, or signature, to match. Instead of looking for a specific signature, heuristic-based scanning examines the instructions running within a program.
Rootkit
A rootkit is a piece of software that can be installed and hidden on a computer mainly to compromise the system and gain escalated privileges, such as administrative rights. It may consist of programs that view traffic and keystrokes, alter existing files to escape detection, or create a backdoor on the system. Rootkits can be included as part of software packages, can be installed through an unpatched vulnerability, or can be downloaded and installed by users.
Virus
A virus is a program or piece of code that runs on your computer, often without your knowledge or consent. Viruses are designed to attach themselves to other code and replicate.
Infostealer Trojan
Infostealer Trojans attempt to steal information from the infected machine.
Keylogger
Keylogger Trojans monitor and send keystrokes typed from the infected machine.
Program and File infecting Virus
Many common viruses, particularly early ones, are of this type. The virus infects executable program files and becomes active in memory, then seeks out other files to infect. These are easily identified by their binary pattern, or signature, which works like a fingerprint.
Nonresident Virus
Once executed, this type of virus looks for targets both locally and across the network. The virus then infects these areas and exits. Unlike a resident virus, it does not remain active.
Ransomware
Ransomware is a form of malware that attempts to hold a user to ransom. The attacker typically has already compromised a system and demands payment to prevent negative consequences such as deleting files or taking a website offline. Ransomware is unique in that the attacker directly demands payment. The amount is often relatively low to ensure a higher likelihood of payment.
Spyware
Spyware is associated with behaviors such as advertising, collecting personal information, and changing your computer configuration without first obtaining consent. Basically, it is software that communicates information from a user's system to another party without notifying the user.
Boot Sector Virus
This type of virus is placed into the first sector of the hard drive so that when the computer boots, the virus loads into memory. As a result, the virus loads before the operating system even starts. They were more prevalent in the era of floppy disks because inserted disks supplied the means for infection and spread the virus when the computer booted up.
Resident Virus
This type of virus resides in memory, which means it is loaded each time the system starts and can infect other areas based on specific actions. This method allows a virus to remain active even after any host program terminates.
Trojan Horse
Trojan horses are programs disguised as useful applications and do not replicate themselves like viruses. Code hidden inside the application can attack your system directly or allow the code originator to compromise the system. Because the code is typically hidden, its capability to spread depends on the popularity of the software and users' willingness to download and install it. Trojans are often classified by their payload or function. The most common include backdoor, downloader, infostealer, and keylogger.
Worm
Worms are similar in function and behavior to a virus, with one exception: worms are self-replicating and do not need a host file. A worm is built to take advantage of a security hole in an existing application or operating system, find other systems running the same software, and then automatically replicate itself to the new host. Common methods of replicating include spreading through email, the network, and the Internet.