Advanced Persistent Threats (APTs) in Cybercrime

Questions and Answers

What is the primary goal of an Advanced Persistent Cybercrime?

To compromise the confidentiality, integrity, or availability of the victim's data

What is the primary function of an Auto-rooter?

To break into new machines remotely

What is the role of a Downloader in a malware attack?

To install malware on a compromised system

What is a Drive-by download?

An attack using code in a compromised web site that exploits a browser vulnerability

What is the primary purpose of an Adware?

To result in pop-up ads or redirection of a browser to a commercial site

What is an Exploit?

Code specific to a single vulnerability or set of vulnerabilities

What is the primary function of a keylogger?

To collect information from a computer and transmit it to another system

What is a logic bomb?

Code inserted into malware by an intruder that lies dormant until a predefined condition is met

What is a trojan horse?

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function

What is a rootkit?

A set of hacker tools used after an attacker has broken into a computer system and gained root-level access

What is a worm?

A computer program that can run independently and propagate a complete working version of itself onto other hosts on a network

What is a zombie or bot?

A program activated on an infected machine that is activated to launch attacks on other machines

Study Notes

Types of Malware

• Malware is software that is used to disrupt computer operations, gather sensitive information, or gain unauthorized access to computer systems.
• Can be classified into two broad categories: based on how it spreads or propagates to reach the desired targets, and based on the actions or payloads it performs once a target is reached.

Malware Propagation

• Propagation mechanisms include: infection of existing content by viruses, spam emails, exploitation of software vulnerabilities, and social engineering.
• Viruses and worms are examples of malware that replicate, while trojans and spam emails do not.

Specific Types of Malware

• Adware: Advertising that is integrated into software, resulting in pop-up ads or redirection of a browser to a commercial site.
• Attack Kit: A set of tools for generating new malware automatically using a variety of supplied propagation and payload mechanisms.
• Auto-rooter: Malicious hacker tools used to break into new machines remotely.
• Backdoor (Trapdoor): Any mechanisms that bypass normal security checks, allowing unauthorized access to functionality in a program or onto a compromised system.
• Downloader: Code that installs other items on a machine that is under attack, normally included in the malware code first inserted on to a compromised system to then import a larger malware package.
• Drive-by Download: An attack using code in a compromised web site that exploits a browser vulnerability to attack a client system when the site is viewed.
• Exploits: Code specific to a single vulnerability or set of vulnerabilities.
• Flooders (DoS client): Used to generate a large volume of data to attack networked computer systems, carrying out a denial-of-service (DoS) attack.
• Keyloggers: Captures keystrokes on a compromised system.
• Logic Bomb: Code inserted into malware by an intruder that lies dormant until a predefined condition is met, then triggers an unauthorized act.
• Macro Virus: A type of virus that uses macro or scripting code, typically embedded in a document, and triggered when the document is viewed or edited, to run and replicate itself into other such documents.
• Mobile Code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
• Rootkit: A set of hacker tools used after an attacker has broken into a computer system and gained root-level access.
• Spammer: Programs used to send large volumes of unwanted e-mail.
• Spyware: Software that collects information from a computer and transmits it to another system by monitoring keystrokes, screen data, and/or network traffic; or by scanning files on the system for sensitive information.
• Trojan Horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.
• Virus: Malware that, when executed, tries to replicate itself into other executable machine or script code; when it succeeds, the code is said to be infected.
• Worm: A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network, usually by exploiting software vulnerabilities in the target system.
• Zombie, Bot: A program activated on an infected machine that is activated to launch attacks on other machines.