Chapter 1 - 03 - Define Malware and its Types - 03_ocred.pdf
Certified Cybersecurity Technician
Information Security Threats and Vulnerabilities
Exam 212-82

Components of Malware

The components of malware depend on the requirements of the malware author, who designs it for a specific target to perform intended tasks.

▪ Crypter: Software that protects malware from undergoing reverse engineering or analysis
▪ Downloader: A type of Trojan that downloads other malware from the Internet on to the PC
▪ Dropper: A type of Trojan that covertly installs other malware files on to the system
▪ Exploit: A malicious code that breaches the system security via software vulnerabilities to access information or install malware
▪ Injector: A program that injects its code into other vulnerable running processes and changes how they execute to hide or prevent its removal
▪ Obfuscator: A program that conceals its code and intended purpose via various techniques, and thus, makes it hard for security mechanisms to detect or remove it
▪ Packer: A program that allows all files to bundle together into a single executable file via compression to bypass security software detection
▪ Payload: A piece of software that allows control over a computer system after it has been exploited
▪ Malicious Code: A command that defines malware's basic functionalities such as stealing data and creating backdoors

Malware authors and attackers create malware using components that can help them achieve their goals. They can use malware to steal information, delete data, change system settings, provide access, or merely multiply and occupy space. Malware is capable of propagating and functioning secretly. Some essential components of most malware programs are as follows:

▪ Crypter: It is a software program that can conceal the existence of malware. Attackers use this software to elude antivirus detection. It protects malware from reverse engineering or analysis, thus making it difficult to detect by security mechanisms.

▪ Downloader: It is a type of Trojan that downloads other malware or malicious code and files from the Internet to a PC or device. Usually, attackers install a downloader when they first gain access to a system.

▪ Dropper: It is a covert carrier of malware. Attackers embed notorious malware files inside droppers, which can perform the installation task covertly. Attackers need to first install the malware program or code on the system to execute the dropper. The dropper can transport malware code and execute malware on a target system without being detected by antivirus scanners.

▪ Exploit: It is the part of the malware that contains code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. Attackers use such code to breach the system's security through software vulnerabilities to spy on information or to install malware. Based on the type of vulnerabilities abused, exploits are categorized into local exploits and remote exploits.

▪ Injector: This program injects exploits or malicious code available in the malware into other vulnerable running processes and changes the method of execution to hide or prevent its removal.

▪ Obfuscator: It is a program that conceals the malicious code of malware via various techniques, thus making it difficult for security mechanisms to detect or remove it.

▪ Packer: This software compresses the malware file to convert the code and data of the malware into an unreadable format. It uses compression techniques to pack the malware.

▪ Payload: It is the part of the malware that performs the desired activity when activated. It may be used for deleting or modifying files, degrading the system performance, opening ports, changing settings, etc., to compromise system security.

▪ Malicious Code: This is a piece of code that defines the basic functionality of the malware and comprises commands that result in security breaches. It can take the following forms:
  o Java Applets
  o ActiveX Controls
  o Browser Plug-ins
  o Pushed Content

Types of Malware

Malware is malicious software designed to perform activities intended by the attacker without user consent. It may be in the form of executable code, active content, scripts, or other kinds of software. Listed below are various types of malware:

▪ Trojans
▪ Viruses
▪ Ransomware
▪ Computer Worms
▪ Rootkits
▪ PUAs or Grayware
▪ Spyware
▪ Keylogger
▪ Botnets
▪ Fileless Malware

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
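The Packer entry under Components of Malware says packing converts code and data into an unreadable format through compression. The added example below (not part of the original courseware) shows the static-analysis consequence a defender can use: compressed regions have a much higher byte entropy than ordinary program bytes. The function names, the 1024-byte window, the 7.2 threshold and the sample buffer are assumptions constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def high_entropy_regions(blob: bytes, window: int = 1024, threshold: float = 7.2):
    """Return (offset, entropy) for each fixed-size window at or above threshold.

    The window size and threshold are illustrative assumptions, not a standard.
    """
    hits = []
    for off in range(0, len(blob) - window + 1, window):
        h = shannon_entropy(blob[off:off + window])
        if h >= threshold:
            hits.append((off, round(h, 2)))
    return hits

def build_sample():
    """Constructed sample: a low-entropy stub followed by a compressed body."""
    stub = (b"push ebp; mov ebp, esp; call sub_401000; ret\n" * 100)[:4096]
    # Constructed stand-in for program bytes (64 distinct values, ~6 bits/byte).
    rng = random.Random(7)
    body = bytes(rng.choices(range(64), k=16384))
    packed = zlib.compress(body, 9)  # what a compression-based packer leaves behind
    return stub + packed, len(stub), body

if __name__ == "__main__":
    blob, stub_len, body = build_sample()
    print("stub entropy    :", round(shannon_entropy(blob[:stub_len]), 2))
    print("unpacked entropy:", round(shannon_entropy(body), 2))
    for off, h in high_entropy_regions(blob):
        print(f"high-entropy window at offset {off}: {h} bits/byte")
```

High entropy alone is an indicator, not a verdict: legitimate installers, media files and encrypted archives also score high, so treat a hit as a reason to inspect the file further.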