Shared Flashcard Set

Details

Malware and Indicators of Compromise
Chapter 1 of All in One Security + by Conklin White
11
Computer Science
Not Applicable
07/18/2019


Cards

Term
VIRUS
Definition
A piece of malicious code that replicates itself by attaching itself to an executable file.  It is seen as a system-based malware.
Term
What makes an armoured virus different from a regular virus?
Definition
In an armoured virus, the malware creator has made the process of reverse engineering difficult, if not impossible.
Term
ROOTKIT
Definition
A type of malware that modifies the workings of the operating system. Rootkits can modify the kernel and change the nature of the operating system.
Term
ADWARE
Definition
A piece of software that presents unwanted ads to a victim. Some may be annoying but others can be a serious threat.
Term
LOGIC BOMB
Definition
This malware sits dormant until a certain condition is fulfilled.  May also be referred to as a time bomb.
Term
BACKDOOR
Definition

Refers to programs that attackers install after gaining unauthorized access to a system, in order to continue unregistered access even if their initial method is blocked.

Ex.) A variation of a backdoor is a rootkit

Term
KEYLOGGER
Definition

This collects user keystrokes. Although it isn't malicious in itself, it can become malicious when:

1.) It's unknown to the user

2.) Not under user control

Term
WHAT ARE SOME INDICATORS THAT YOUR SYSTEM IS INFECTED WITH MALWARE?
Definition

Malware leaves forensic artifacts behind. These artifacts are called Indicators of Compromise (IOCs).

Some signs include:

  • Unusual outbound network traffic
  • Anomalies in privileged user accounts
  • Geographical irregularities
Term
RAT
Definition

This malware has the capability to apply surveillance to a system to gain unauthorized access.

RATs present info to an attacker to allow him to gain access to a system.

Term
WHAT MAKES A VIRUS DIFFERENT THAN A WORM?
Definition
A virus needs an executable to attach itself to while a worm is self-replicating and therefore self-sufficient
Term
WHAT ARE THE 5 MAJOR TYPES OF ROOTKITS?
Definition

The five major types of rootkits:

  • Firmware
  • Virtual
  • Kernel
  • Library
  • Application

 

Ex.) BluePill and Subvirt
