Malware and Cybercrime
38 Questions
7 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary goal of an Advanced Persistent Threat?

  • To display pop-up ads on a victim's browser
  • To break into new machines remotely
  • To generate new malware using a variety of supplied propagation and payload mechanisms
  • To compromise the confidentiality, integrity, or availability of a target's data or system (correct)
  • What is the purpose of a Downloader?

  • To exploit a browser vulnerability on a client system
  • To install other malware on a compromised system (correct)
  • To remove malware from a compromised system
  • To bypass normal security checks on a system
  • What is a Backdoor (trapdoor)?

  • A type of advertising integrated into software
  • A type of malware used to break into new machines remotely
  • A set of tools for generating new malware
  • A mechanism that bypasses normal security checks on a system (correct)
  • What is the primary method of attack used in a Drive-by Download?

    <p>Exploiting a vulnerability in a browser to attack a client system</p> Signup and view all the answers

    What is Adware?

    <p>Advertising integrated into software</p> Signup and view all the answers

    What is an Auto-rooter?

    <p>Malicious hacker tools used to break into new machines remotely</p> Signup and view all the answers

    What type of malware uses macro or scripting code embedded in a document to run and replicate itself?

    <p>Macro Virus</p> Signup and view all the answers

    What is the primary function of a Rootkit?

    <p>To set of hacker tools used after an attacker has broken into a computer system</p> Signup and view all the answers

    What type of malware appears to have a useful function, but also has a hidden and potentially malicious function?

    <p>Zombie, Bot</p> Signup and view all the answers

    What type of malware carries out a denial-of-service (DoS) attack by generating a large volume of data?

    <p>Flooder</p> Signup and view all the answers

    What type of malware collects information from a computer and transmits it to another system?

    <p>Spyware</p> Signup and view all the answers

    What type of malware is inserted into a system and lies dormant until a predefined condition is met, then triggers an unauthorized act?

    <p>Logic Bomb</p> Signup and view all the answers

    What is the primary goal of optimizing the spread of a worm?

    <p>To locate as many vulnerable machines as possible in a short time period</p> Signup and view all the answers

    What is the purpose of using functionally equivalent instructions and encryption techniques in worms?

    <p>To adopt polymorphic techniques</p> Signup and view all the answers

    What is the ideal payload for a worm to spread rapidly?

    <p>Malicious payloads including spyware and spam email generators</p> Signup and view all the answers

    What is the benefit of exploiting a zero-day vulnerability?

    <p>It achieves maximum surprise and distribution</p> Signup and view all the answers

    What was significant about the year 2015 in the context of zero-day exploits?

    <p>It was the year with 54 zero-day exploits discovered, significantly more than in previous years</p> Signup and view all the answers

    What is a characteristic of metamorphic worms?

    <p>They have a repertoire of behavior patterns unleashed at different stages of propagation</p> Signup and view all the answers

    A malware that replicates itself by attaching to other executable machine or script code is classified as a

    <p>Virus</p> Signup and view all the answers

    What is the primary difference between a worm and a virus?

    <p>Worms are independent, self-contained programs, while viruses need a host program</p> Signup and view all the answers

    What is the term for a malware that does not replicate itself?

    <p>Trojan</p> Signup and view all the answers

    What is the purpose of an attack kit?

    <p>To develop and deploy malware</p> Signup and view all the answers

    What is the characteristic of an Advanced Persistent Threat (APT)?

    <p>They are well-resourced, persistent, and targeted attacks</p> Signup and view all the answers

    What is the primary function of a virus's infection mechanism?

    <p>To spread the virus to other programs</p> Signup and view all the answers

    What is the term for a virus that attaches itself to documents and uses the macro programming capabilities of the document's application to execute and propagate?

    <p>Macro virus</p> Signup and view all the answers

    What is the term for a worm that spreads through electronic mail or instant messenger facilities?

    <p>E-mail worm</p> Signup and view all the answers

    What is the primary function of a worm's target discovery mechanism?

    <p>To scan for other systems to infect</p> Signup and view all the answers

    What is the term for a worm that uses a list of potential vulnerable machines to infect?

    <p>Hit-list worm</p> Signup and view all the answers

    What is the primary purpose of ransomware attacks like WannaCry?

    <p>To demand a ransom payment in exchange for restoring access to encrypted files</p> Signup and view all the answers

    What is the term for programs that can be executed on multiple platforms with identical semantics?

    <p>Mobile code</p> Signup and view all the answers

    What is the primary mechanism used by drive-by-downloads to infect systems?

    <p>Exploiting browser and plugin vulnerabilities</p> Signup and view all the answers

    What is the primary goal of phishing attacks?

    <p>To steal sensitive information</p> Signup and view all the answers

    What is the term for a set of hidden programs installed on a system to maintain covert access to that system?

    <p>Rootkit</p> Signup and view all the answers

    What is the primary advantage of host-based behavior-blocking software?

    <p>It can block malware in real-time before it has a chance to affect the system</p> Signup and view all the answers

    What is the term for a malicious program that replicates itself by sending copies to other devices via Bluetooth or MMS?

    <p>Mobile phone worm</p> Signup and view all the answers

    What is the primary goal of sandbox analysis?

    <p>To detect malware by running it in a controlled environment</p> Signup and view all the answers

    What is the primary advantage of perimeter scanning approaches?

    <p>They can detect malware at the network boundary, preventing it from entering the system</p> Signup and view all the answers

    What is the primary goal of ideal malware countermeasure approaches?

    <p>To prevent malware from being installed in the first place</p> Signup and view all the answers

    Study Notes

    Malware

    • Malware is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system.
    • Types of malware:
      • Virus: a piece of software that infects programs, modifies them to include a copy of the virus, and replicates itself.
      • Worm: a computer program that can run independently and propagate a complete working version of itself onto other hosts on a network, usually by exploiting software vulnerabilities.
      • Trojan: a program that appears to be legitimate but is actually malicious, allowing unauthorized access to a system or data.
      • Bot: a malware that allows remote control of a compromised system.

    Virus

    • Components:
      • Infection mechanism: means by which a virus spreads or propagates.
      • Trigger: event or condition that determines when the payload is activated or delivered.
      • Payload: what the virus does (besides spreading).
    • Phases:
      • Dormant phase: virus is idle and will eventually be activated by some event.
      • Triggering phase: virus is activated to perform the function for which it was intended.
      • Propagation phase: virus places a copy of itself into other programs or into certain system areas on the disk.
      • Execution phase: function is performed.

    Worm

    • Exploits software vulnerabilities in client or server programs to spread from system to system.
    • Can use network connections to spread from system to system.
    • Can spread through shared media (USB drives, CD, DVD data disks).
    • Types of worms:
      • E-mail worms: spread through email attachments or instant messaging.
      • Instant messaging worms: spread through instant messaging services.

    Malware Propagation

    • Mechanisms:
      • Infection of existing content by viruses.
      • Exploit of software vulnerabilities by worms.
      • Social engineering attacks.
    • Target discovery:
      • Scanning: searching for other systems to infect.
      • Hit-list: using a list of potential vulnerable machines.
      • Topological: using information contained on an infected victim machine to find more hosts to scan.

    Advanced Persistent Threats (APTs)

    • Well-resourced, persistent application of a wide variety of intrusion technologies and malware to selected targets.
    • Typically attributed to state-sponsored organizations and criminal enterprises.
    • Characteristics:
      • Advanced: using a wide variety of intrusion technologies and malware.
      • Persistent: determined application of the attacks over an extended period.
      • Targeted: careful target selection and stealthy intrusion efforts.

    Malware Countermeasures

    • Approaches:
      • Prevention: policy, awareness, vulnerability mitigation, and threat mitigation.
      • Detection: identifying malware through various techniques (e.g., signature-based, behavior-based).
      • Removal: removing malware from a system.
      • Sandbox analysis: running potentially malicious code in an emulated sandbox or on a virtual machine.
      • Host-based behavior-blocking software: integrates with the operating system and monitors program behavior in real-time for malicious action.### Types of Malware
    • Exploits: Code specific to a single vulnerability or set of vulnerabilities
    • Flooders (DoS client): Used to generate a large volume of data to attack networked computer systems, carrying out a denial-of-service (DoS) attack
    • Keyloggers: Capture keystrokes on a compromised system
    • Logic bomb: Code inserted into malware by an intruder, lying dormant until a predefined condition is met, triggering an unauthorized act
    • Macro Virus: A type of virus that uses macro or scripting code, typically embedded in a document, triggered when the document is viewed or edited, to run and replicate itself into other documents

    Malware Categories

    • Mobile Code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics
    • Rootkit: Set of hacker tools used after attacker has broken into a computer system and gained root-level access
    • Spammer: Programs used to send large volumes of unwanted e-mail
    • Spyware: Software that collects information from a computer and transmits it to another system by monitoring keystrokes, screen data, and/or network traffic; or by scanning files on the system for sensitive information

    Malware Behavior

    • Zombie, bot: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms
    • Worms: Penetrate systems in various ways, using exploits against Web servers, browsers, e-mail, file sharing, and other network-based applications; or via shared media
    • Worm propagation: Optimize rate of spread to maximize likelihood of locating vulnerable machines in a short time period
    • Worm evasion: Use virus polymorphic technique to evade detection, skip past filters, and foil real-time analysis
    • Metamorphic worms: Have a repertoire of behavior patterns that are unleashed at different stages of propagation

    Worm Technologies

    • Transport vehicles: Worms can rapidly compromise a large number of systems, making them ideal for spreading malicious payloads
    • Zero-day exploit: Exploit an unknown vulnerability, achieving maximum surprise and distribution, with 54 zero-day exploits discovered and exploited in 2015

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz covers types of malware, including Trojan horses and adware, as well as advanced persistent threats and cybercrime targeting businesses and political organizations.

    More Like This

    Malware and Cybercrime
    38 questions

    Malware and Cybercrime

    RobustSeattle1717 avatar
    RobustSeattle1717
    Types of Malware Quiz
    9 questions

    Types of Malware Quiz

    WorthEmpowerment1870 avatar
    WorthEmpowerment1870
    1212 Ch9.7-10.2: Malware Types Quiz
    25 questions
    Use Quizgecko on...
    Browser
    Browser