L17 - T17C - S1 – Malware Vectors

Vector

The method by which the malware executes on a computer and potentially spreads to other network hosts

The types of malware according to vector in this section

• Viruses

• Boot sector viruses

• Trojans

• Worms

• Fileless Malware

Virus

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files – (A+) 

• In Windows executable code has extensions such as

  • .EXE, .MSI, .DLL, .COM, .SCR, and .JAR

• When the program file is executed, the [___] code is also able to execute with the same privileges as the infected process

• The first [_____] were explicitly created to infect other files as rapidly as possible.

• Modern [_____] are more likely to use covert methods to take control of the host

Boot Sector Viruses

Malicious code inserted into the boot sector code or partition table of a storage device that attempts to execute when the device is attached – (A+)

• These infect the boot sector code or partition table on a disk drive

• When the disk is attached to a computer, the virus attempts to hijack the bootloader process to load itself into memory.

Trojans

Malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer – (A+)

• This is malware concealed within an installer package for software that appears to be legitimate

• Will be installed alongside the program and execute with the same privileges

• Might be able to add itself to start-up locations so that it always runs when the computer starts or the user signs in

  • This is called Persistence

Worms

Type of malware that replicates between processes in system memory and can spread over client/server network connections – (A+)

• These replicate between processes in system memory  

  • rather than infecting an executable file stored on disk.  

• Worms can also exploit vulnerable client/server software to spread between hosts in a network

Fileless Malware

Exploit techniques that use the host's scripting environment to create malicious processes – (A+)

• Refers to malicious code that uses the host’s scripting environment (such as Windows PowerShell or PDF JavaScript) to create new malicious processes in memory

• May be harder to detect because

  • It may be disguised as script instructions or a document file rather than an executable image file