Questions and Answers
According to NIST 800-83, what is the primary intent of malware?
To compromise the confidentiality, integrity, or availability of a victim's data
How are malware classified based on their propagation mechanisms?
Based on how they spread or propagate to reach the desired targets
What is the primary difference between a virus and a worm?
A virus needs a host program, while a worm is independent
What is the primary purpose of an attack kit?
Signup and view all the answers
What is the primary characteristic of an Advanced Persistent Threat (APT)?
Signup and view all the answers
What is the primary goal of an APT attack?
Signup and view all the answers
What is the primary difference between a Trojan and a bot?
Signup and view all the answers
What is the primary purpose of social engineering in an APT attack?
Signup and view all the answers
What is the primary characteristic of malware that does not replicate?
Signup and view all the answers
What is the primary purpose of a botnet?
Signup and view all the answers
Study Notes
Malware Definition and Classification
- Malware is a program inserted into a system, usually covertly, to compromise confidentiality, integrity, or availability of victim's data, applications, or operating system.
- Classified into two broad categories: how it spreads or propagates to reach desired targets, and actions or payloads it performs once a target is reached.
Types of Malicious Software (Malware)
- Parasitic code (viruses) that need a host program
- Independent, self-contained programs (worms, trojans, and bots)
- Malware that does not replicate (trojans and spam e-mail)
- Malware that does replicate (viruses and worms)
Propagation Mechanisms
- Infection of existing content by viruses that is subsequently spread to other systems
- Exploit of software vulnerabilities by worms or drive-by-downloads
- Social engineering attacks that convince users to bypass security mechanisms
Payload Actions
- Corruption of system or data files
- Theft of service/make the system a zombie agent of attack as part of a botnet
- Theft of information from the system/keylogging
- Stealthing/hiding its presence on the system
Malware Development and Deployment
- Initially required considerable technical skill, but the development of virus-creation toolkits and attack kits made it easier for novices to deploy malware
- Toolkits, also known as "crimeware," include a variety of propagation mechanisms and payload modules
- Variants generated by attackers using these toolkits create a significant problem for system defenders
Attack Sources
- Organized and dangerous attack sources, including:
- Politically motivated attackers
- Criminals
- Organized crime
- National government agencies
- These attack sources have led to the development of a large underground economy involving the sale of attack kits
Advanced Persistent Threats (APTs)
- Well-resourced, persistent application of a wide variety of intrusion technologies and malware to selected targets (usually business or political)
- Attributed to state-sponsored organizations and criminal enterprises
- Characteristics:
- Advanced: use of a wide variety of intrusion technologies and malware
- Persistent: determined application of attacks over an extended period
- Threats: threats to selected targets as a result of organized, capable, and well-funded attackers
- APT attacks aim to:
- Steal intellectual property or security- and infrastructure-related data
- Physically disrupt infrastructure
- Techniques used include:
- Social engineering
- Spear-phishing e-mails
- Drive-by-downloads from compromised websites
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
