L17 - T17C - S1 – Malware Vectors


7 Terms

1

Vector

The method by which the malware executes on a computer and potentially spreads to other network hosts

2

The types of malware according to vector in this section

  • Viruses

  • Boot sector viruses

  • Trojans

  • Worms

  • Fileless Malware

3

Virus

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files – (A+) 

  • In Windows, executable code has extensions such as

    • .EXE, .MSI, .DLL, .COM, .SCR, and .JAR

  • When the program file is executed, the [___] code is also able to execute with the same privileges as the infected process

  • The first [_____] were explicitly created to infect other files as rapidly as possible.

  • Modern [_____] are more likely to use covert methods to take control of the host

4

Boot Sector Viruses

Malicious code inserted into the boot sector code or partition table of a storage device that attempts to execute when the device is attached – (A+)

  • These infect the boot sector code or partition table on a disk drive

  • When the disk is attached to a computer, the virus attempts to hijack the bootloader process to load itself into memory.

5

Trojans

Malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer – (A+)

  • This is malware concealed within an installer package for software that appears to be legitimate

  • Will be installed alongside the program and execute with the same privileges

  • Might be able to add itself to start-up locations so that it always runs when the computer starts or the user signs in

    • This is called Persistence

6

Worms

Type of malware that replicates between processes in system memory and can spread over client/server network connections – (A+)

  • These replicate between processes in system memory  

    • rather than infecting an executable file stored on disk.  

  • Worms can also exploit vulnerable client/server software to spread between hosts in a network

7

Fileless Malware

Exploit techniques that use the host's scripting environment to create malicious processes – (A+)

  • Refers to malicious code that uses the host’s scripting environment (such as Windows PowerShell or PDF JavaScript) to create new malicious processes in memory

  • May be harder to detect because

    • It may be disguised as script instructions or a document file rather than an executable image file