6) Malicious Software
Logic Bomb
Which of the following malware types is MOST likely to execute its payload after an employee has left the company?
Mobile
__________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
Ransomware
__________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.
bot
a program that performs a repetitive task on a network
Zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers
Worm
a software program capable of reproducing itself that can spread from one computer to the next over a network.
parasitic virus
attaches to programs and executable files/installs itself into memory
Botnets
Which of the following malware types is MOST commonly associated with command and control?
Three locations for malware detection mechanisms
1. 2. 3.
Four Categories of Malware Payloads
1. corruption of system or data files
2. theft of service in order to make the system a zombie agent of attack as part of a botnet
3. theft of information from the system, such as logins, passwords and personal details
4. stealthing, where the malware hides its own presence on the system
Three broad mechanisms malware uses to propagate (3)
1. infection of existing executable or interpreted content by viruses that is subsequently spread to other systems
2. exploitation of software vulnerabilities, either locally or over a network, by worms or drive-by downloads to allow the malware to replicate
3. social engineering attacks that convince users to bypass security mechanisms to install trojans, or to respond to phishing attacks
Logic Bomb
A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met
drive by download
A __________ is when a user views a Web page controlled by the attacker that contains code that exploits a browser bug and downloads and installs malware on the system without the user's knowledge or consent.
Blended Attack
A _________________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.
Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Watering Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
spear-phishing
A phishing attack that targets only specific users.
Rootkits
A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Advanced Persistent Threat (APT)
A sophisticated, long-running computer hack that is perpetrated by large, well-funded organizations
Rootkit
A tool that obtains the highest level of privilege on a device.
Spyware
A type of Malware that locates and saves data from users without them knowing about it.
Downloader
A type of Trojan designed to transfer other malware onto a PC via Internet connection.
Metamorphic Virus
A virus that alters how it appears to avoid detection.
polymorphic virus
A virus that can change its own code or periodically rewrites itself to avoid detection
stealth virus
A virus that temporarily erases its code from the files where it resides and hides in the active memory of the computer.
Macro Virus
A virus that's distributed by hiding it inside a macro.
zero-day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
payload
The destructive event a virus was created to deliver.
Worm
Several users' computers are no longer responding normally and are sending out spam email to the users' entire contact list. This is an example of a _________ outbreak.
Virus
Code embedded within a program that causes a copy of itself to be inserted in one or more other programs. In addition to propagation, the virus usually performs some unwanted function.
botnet
Collection of bots capable of acting in a coordinated manner
Prevention
The ideal solution to the threat of malware is __________.
dormant phase
During the ________ the virus is idle.
Social Engineering
Which of the following is an attack where Pete spreads USB thumb drives throughout a bank's parking lot in order to have malware installed on the banking systems?
Virus
Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?
Infection Vector
How an infection is spread.
Boot-sector infector
Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
Malware Countermeasures
Installing anti-malware applications, installing basic Internet security applications, and having the data drive scanned and analyzed often
Anti Spam
Jane, a user, has reported an increase in email phishing attempts. Which of the following can be implemented to mitigate the attacks?
False
Keyware captures keystrokes on a compromised system.
Drive-by-Download
Program which automatically downloads when a user visits a web page, usually without their knowledge or consent.
malicious software (malware)
Programs that exploit system and user vulnerabilities to gain access to the computer.
Backdoor
Software code that gives access to a program or a service that circumvents normal security protections.
Mobile Code
Software that is transmitted across the network from a remote source to a local system then executed at the local system
crimeware
Software tools built with the purpose of committing online scams and stealing information from consumers and businesses
True
T/F: A logic bomb is the event or condition that determines when the payload is activated or delivered.
True
T/F: In addition to propagating, a worm usually carries some form of payload.
True
T/F: Malicious software aims to trick users into revealing sensitive personal data.
True
T/F: Packet sniffers are mostly used to retrieve sensitive information like usernames and passwords.
Bots
Takes over another Internet attached computer and uses that computer to launch or manage attacks.
Execution Phase
The __________ is when the virus function is performed.
Data Exfiltration
The unauthorized transfer of data outside an organization.
Spam
Unsolicited bulk e-mail is referred to as __________.
propagate
produce, multiply, spread
Trapdoor
secret point of entry into a program that allows someone who is aware of the trapdoor to gain access without going through the usual security access procedures (like a backdoor)
Infection Mechanism
the __________ is the means by which a virus spreads or propagates.