Questions and Answers
What is the primary goal of an Advanced Persistent Cybercrime?
What is the primary function of an Auto-rooter?
What is the role of a Downloader in a malware attack?
What is a Drive-by download?
What is the primary purpose of Adware?
What is an Exploit?
What is the primary function of a keylogger?
What is a logic bomb?
What is a trojan horse?
What is a rootkit?
What is a worm?
What is a zombie or bot?
Study Notes
Types of Malware
- Malware is software that is used to disrupt computer operations, gather sensitive information, or gain unauthorized access to computer systems.
- Malware can be classified in two broad ways: by how it spreads or propagates to reach the desired targets, and by the actions or payloads it performs once a target is reached.
Malware Propagation
- Propagation mechanisms include: infection of existing content by viruses, spam emails, exploitation of software vulnerabilities, and social engineering.
- Viruses and worms are examples of malware that replicate, while trojans and spam emails do not.
Specific Types of Malware
- Adware: Advertising that is integrated into software, resulting in pop-up ads or redirection of a browser to a commercial site.
- Attack Kit: A set of tools for generating new malware automatically using a variety of supplied propagation and payload mechanisms.
- Auto-rooter: Malicious hacker tools used to break into new machines remotely.
- Backdoor (Trapdoor): Any mechanisms that bypass normal security checks, allowing unauthorized access to functionality in a program or onto a compromised system.
- Downloader: Code that installs other items on a machine that is under attack. It is normally included in the malware code first inserted onto a compromised system, which then imports a larger malware package.
- Drive-by Download: An attack using code in a compromised web site that exploits a browser vulnerability to attack a client system when the site is viewed.
- Exploits: Code specific to a single vulnerability or set of vulnerabilities.
- Flooders (DoS client): Used to generate a large volume of data to attack networked computer systems, carrying out a denial-of-service (DoS) attack.
- Keyloggers: Capture keystrokes on a compromised system.
- Logic Bomb: Code inserted into malware by an intruder that lies dormant until a predefined condition is met, then triggers an unauthorized act.
- Macro Virus: A type of virus that uses macro or scripting code, typically embedded in a document, and triggered when the document is viewed or edited, to run and replicate itself into other such documents.
- Mobile Code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
- Rootkit: A set of hacker tools used after an attacker has broken into a computer system and gained root-level access.
- Spammer: Programs used to send large volumes of unwanted e-mail.
- Spyware: Software that collects information from a computer and transmits it to another system by monitoring keystrokes, screen data, and/or network traffic; or by scanning files on the system for sensitive information.
- Trojan Horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.
- Virus: Malware that, when executed, tries to replicate itself into other executable machine or script code; when it succeeds, the code is said to be infected.
- Worm: A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network, usually by exploiting software vulnerabilities in the target system.
- Zombie, Bot: A program on an infected machine that is activated to launch attacks on other machines.
Description
Learn about Advanced Persistent Threats (APTs), a type of cybercrime directed at business and political targets, using various intrusion technologies and malware, often attributed to state-sponsored organizations.