Malware Flashcards

(42 cards)

1
Q

Malware

A
  • Any software designed to infiltrate a computer system without the user’s knowledge
2
Q

In order for malware to infect a system, it needs to create a __________ & __________

A
  • Threat Vector & Attack Vector
3
Q

Threat Vector

A
  • Specific method used by an attacker to infiltrate a victim’s machine
  • EXAMPLE: Unpatched software, Installing code, Phishing campaigns
4
Q

Attack Vector

A
  • Means by which an attacker gains access to a computer to infect the system with malware
5
Q

What is the difference between a threat vector & attack vector?

A
  • Threat vector focuses on how the attacker plans to break into a given system
  • Attack vector focuses on how they’re going to get in AND infect the system
6
Q

Computer Virus

A
  • Malicious code that runs on a machine without the user’s knowledge and infects the computer whenever it is run
7
Q

Boot Sector Virus

A
  • Stored in the first sector of a hard drive and is then loaded into the memory whenever the computer boots up
8
Q

Macro virus

A
  • A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed
9
Q

Program virus

A
  • Tries to find executables or application files to infect with its malicious code
10
Q

Multipartite virus

A
  • A combination of a boot sector type virus and a program virus
11
Q

Encrypted virus

A
  • Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any anti-virus software
12
Q

Polymorphic virus

A
  • Advanced version of an encrypted virus, but instead of just encrypting the contents, it actually changes the virus’ code each time it is executed by altering the decryption module in order for it to evade detection
13
Q

Metamorphic virus

A
  • Able to rewrite itself entirely before it attempts to infect a given file
14
Q

Stealth virus

A
  • Not necessarily a specific type of virus as much as it’s a technique used to prevent the virus from being detected by the anti-virus software
15
Q

Armored virus

A
  • Has a layer of protection to confuse a program or person who’s trying to analyze it
16
Q

Hoax virus

A
  • Form of technical social engineering that attempts to scare end users into taking undesirable action on their system
17
Q

Worm

A
  • Piece of malicious software, much like a virus, but it can replicate itself without any user interaction
18
Q

What’s the difference between a worm and virus?

A
  • Worms can replicate themselves without any user interaction
  • Viruses require the user to take some type of action
19
Q

Trojan

A
  • Piece of malicious software that is disguised as a piece of harmless or desirable software
20
Q

Remote Access Trojan (RAT)

A
  • Type of Trojan widely used by modern attackers because it provides the attacker with remote control of a victim machine
21
Q

Ransomware

A
  • Type of malicious software designed to block access to a computer system or its data by encrypting it until ransom is paid to the attacker
22
Q

What are four measures you can take to avoid ransomware attacks?

A
  • Conducting regular backups
  • Installing regular software updates
  • Providing security awareness training
  • Implementing multi-factor authentication for systems
23
Q

Botnet

A
  • Network of compromised computers or devices controlled remotely by malicious actors
24
Q

Zombie

A
  • Name of a compromised computer or device that is part of a botnet and used to perform tasks using remote commands
25
Q

Command and Control Node

A
  • Responsible for managing and coordinating the activities of other nodes or devices within the network
26
Q

Rootkit

A
  • Type of software designed to gain administrative-level control over a given computer system without being detected
27
Q

Kernel Mode

A
  • Allows a system to control access to things like device drivers, sound card, and monitor
  • Otherwise known as "Ring 0"
28
Q

DLL (Dynamic Link Library) Injection

A
  • Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library
29
Q

Shim

A
  • Software code placed between two components
  • Intercepts calls between them, then redirects them
30
Q

Backdoor

A
  • Used to bypass normal security and authentication functions
31
Q

Easter Egg

A
  • Insecure coding practice that was used by programmers to provide a joke or gag gift to the users
  • Could create vulnerabilities due to lack of security testing
32
Q

Logic Bomb

A
  • Malicious code inserted into a program that will only execute when certain conditions are met
33
Q

Keylogger

A
  • Piece of software or hardware that records every single keystroke made on a computer or mobile device
34
Q

Spyware

A
  • Type of malicious software designed to gather and send information about a user or organization
35
Q

Bloatware

A
  • Any software that comes pre-installed on a new computer or smartphone that the user did not specifically request or need
36
Q

Fileless Malware

A
  • Used to create a process in system memory without relying on the local file system of the infected host
37
Q

What are the three stages of deployment for fileless malware?

A
  • Stage 1: Dropper or Downloader - When a user clicks on a malicious link or opens a malicious file, malware is installed
  • Stage 2: Downloader - Downloads and installs a remote access Trojan to conduct command and control on the victimized system
  • Stage 3: Concealment - Helps the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities
38
Q

Dropper

A
  • Specific download type that initiates or runs other forms of malware within a payload on an infected host
39
Q

Downloader

A
  • Retrieves additional tools after the initial infection facilitated by a dropper
40
Q

Shellcode

A
  • Encompasses lightweight code meant to execute an exploit on a given target
41
Q

What are the nine major indicators of a malware attack on a system?

A
1.
42