Malicious Software (Malware) Chapter 67
21 Questions

Questions and Answers

What is the primary function of the malware code?

  • To steal sensitive user data
  • To import a larger malware package (correct)
  • To hide from antivirus software
  • To crash the compromised system

What happens when the malware code is inserted onto a system?

  • The system crashes immediately
  • The antivirus software is disabled
  • The user data is encrypted
  • A larger malware package is imported (correct)

Where is the malware code typically inserted?

  • On a cloud storage service
  • On a network server
  • On a compromised system (correct)
  • On a USB drive

What is the purpose of the initial malware code?

  • To import a larger malware package

What is the role of the initial malware code in the malware attack?

  • To import a larger malware package

What is the primary intention of malware according to NIST 800-83?

  • To compromise the confidentiality, integrity, or availability of the victim's data

What is the term for cybercrime directed at business and political targets using a wide variety of intrusion technologies and malware?

  • Advanced persistent threat

What is adware, as described in the text?

  • Advertising that is integrated into software

What is the primary characteristic of an advanced persistent threat?

  • It is a type of malware that is applied persistently and effectively to specific targets

What is the definition of malware provided by NIST 800-83?

  • A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data

What is the primary goal of an advanced persistent threat?

  • To compromise the confidentiality, integrity, or availability of the victim's data

What is the primary goal of ransomware like WannaCry?

  • To demand a ransom payment in exchange for restoring access to encrypted files

What is mobile code, as defined by NIST SP 800-28?

  • Code that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics

What is the primary method of propagation for mobile phone worms like Cabir?

  • Through Bluetooth wireless connections

What is the goal of a drive-by-download attack?

  • To exploit vulnerabilities in a user's browser or plugins to download and install malware

What is the primary purpose of a Trojan horse?

  • To allow an attacker to accomplish functions that they could not accomplish directly

What is the goal of social engineering attacks?

  • To trick users into divulging sensitive information

What is the primary purpose of keyloggers and spyware?

  • To steal sensitive information from a system

What is phishing?

  • A type of social engineering attack that leverages trust to steal sensitive information

What is the primary purpose of a backdoor?

  • To allow an attacker to gain access to a system without being detected

What is the primary purpose of a rootkit?

  • To hide malicious activity on a system from the user

Study Notes

Malware

  • Malware, as defined by NIST 800-83, is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system.

Types of Malware

  • Advanced Persistent Threat (APT): cybercrime directed at business and political targets, using a wide variety of intrusion technologies and malware, applied persistently and effectively to specific targets over an extended period, often attributed to state-sponsored organizations.
  • Adware: advertising that is integrated into software.
  • Ransomware: a type of malware that encrypts files and demands a ransom payment in exchange for the decryption key.
  • WannaCry: a ransomware attack in May 2017 that spread extremely fast over a period of hours to days, infecting hundreds of thousands of systems belonging to both public and private organizations in more than 150 countries.
  • Mobile Code: programs that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics.
  • Mobile Phone Worms: worms that spread through Bluetooth wireless connections or MMS, targeting smartphones and deleting data or forcing the device to send costly messages.

Malware Propagation

  • Drive-By-Downloads: exploit browser and plugin vulnerabilities, allowing malware to be downloaded and installed on a system without the user's knowledge or consent.
  • Social Engineering: "tricking" users into assisting in the compromise of their own systems.
  • Spam: unsolicited bulk e-mail, often used to spread malware or phish for sensitive information.
  • Trojans: programs or utilities containing harmful hidden code, used to accomplish functions that the attacker could not accomplish directly.

Payloads

  • Information Theft: malware that steals sensitive information, such as login credentials or financial information.
  • Stealthing: malware that hides its presence on a system, such as rootkits that subvert the operating system's security mechanisms.
  • Backdoors: secret entry points into a program, allowing the attacker to gain access and bypass security access procedures.

Malware Countermeasures

  • Prevention: the ideal solution to the threat of malware, involving policy, awareness, vulnerability mitigation, and threat mitigation.
  • Detection: technical mechanisms can be used to detect malware, such as sandbox analysis and host-based behavior-blocking software.
  • Removal: malware can be removed from a system, but this may not always be possible or effective.
  • Perimeter Scanning Approaches: anti-virus software and intrusion detection systems can be used to scan for malware at the network perimeter.

Description

This quiz covers the basics of malware, including its definition and characteristics according to NIST 800-83. Test your understanding of malicious software!