Questions and Answers
What type of malware uses macro or scripting code and is typically embedded in a document?
What is a type of malware that can run independently and propagate a complete working version of itself onto other hosts on a network?
What type of cybercrime is typically directed at business and political targets and is often attributed to state-sponsored organizations?
What is a type of malware that captures keystrokes on a compromised system?
What is the primary purpose of a downloader in a malware attack?
What type of malware is a set of hacker tools used after an attacker has broken into a computer system and gained root-level access?
What is the term for a mechanism that bypasses a normal security check, allowing unauthorized access to a system or program?
What type of malware is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function?
What type of malware is designed to automatically generate new malware using a variety of supplied propagation and payload mechanisms?
What type of malware is a program activated on an infected machine that is activated to launch attacks on other machines?
What is the term for an attack that uses code in a compromised web site to exploit a browser vulnerability and attack a client system?
What is the primary purpose of an auto-rooter?
Study Notes
Types of Malware
- Malware is software that is used to disrupt computer operations, gather sensitive information, or gain unauthorized access to computer systems.
- Malware can be classified into two broad categories: based on how it spreads or propagates to reach the desired targets, and based on the actions or payloads it performs once a target is reached.
Malware Propagation
- Propagation mechanisms include: infection of existing content by viruses, spam emails, exploitation of software vulnerabilities, and social engineering.
- Viruses and worms are examples of malware that replicate, while trojans and spam emails do not.
Specific Types of Malware
- Adware: Advertising that is integrated into software, resulting in pop-up ads or redirection of a browser to a commercial site.
- Attack Kit: A set of tools for generating new malware automatically using a variety of supplied propagation and payload mechanisms.
- Auto-rooter: Malicious hacker tools used to break into new machines remotely.
- Backdoor (Trapdoor): Any mechanism that bypasses normal security checks, allowing unauthorized access to functionality in a program or onto a compromised system.
- Downloader: Code that installs other items on a machine that is under attack, normally included in the malware code first inserted onto a compromised system to then import a larger malware package.
- Drive-by Download: An attack using code in a compromised web site that exploits a browser vulnerability to attack a client system when the site is viewed.
- Exploits: Code specific to a single vulnerability or set of vulnerabilities.
- Flooders (DoS client): Used to generate a large volume of data to attack networked computer systems, carrying out a denial-of-service (DoS) attack.
- Keyloggers: Capture keystrokes on a compromised system.
- Logic Bomb: Code inserted into malware by an intruder that lies dormant until a predefined condition is met, then triggers an unauthorized act.
- Macro Virus: A type of virus that uses macro or scripting code, typically embedded in a document, and triggered when the document is viewed or edited, to run and replicate itself into other such documents.
- Mobile Code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
- Rootkit: A set of hacker tools used after an attacker has broken into a computer system and gained root-level access.
- Spammer: Programs used to send large volumes of unwanted e-mail.
- Spyware: Software that collects information from a computer and transmits it to another system by monitoring keystrokes, screen data, and/or network traffic; or by scanning files on the system for sensitive information.
- Trojan Horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.
- Virus: Malware that, when executed, tries to replicate itself into other executable machine or script code; when it succeeds, the code is said to be infected.
- Worm: A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network, usually by exploiting software vulnerabilities in the target system.
- Zombie, Bot: A program activated on an infected machine that is activated to launch attacks on other machines.
Description
This quiz covers advanced persistent cybercrime and malware, including intrusion technologies and state-sponsored attacks.