Lesson 9. Malware: Unseen Software Threats

Malware

Malicious software installed on servers or devices to steal information, bypass security controls, or compromise network systems. It is a broad term encompassing various types of harmful programs designed to disrupt or damage systems.

Spyware

A type of malware designed to secretly monitor and record user activity, including keystrokes and login information. Spyware exploits vulnerabilities to spread and can compromise personal data.

Trojan Horse

A type of malware that disguises itself as a legitimate program or file to deceive users into installing it. Once installed, it allows attackers to access a system or network, often without the user's knowledge.

Virus

A self-replicating malware that spreads through files, documents, or vulnerabilities in web applications. It can steal data, damage systems, or create botnets by infecting other computers.

Worm

Malware that spreads over networks by exploiting operating system vulnerabilities. Unlike viruses, worms replicate and propagate automatically, often consuming bandwidth and performing malicious actions like data theft.

Rootkit

A set of tools used by attackers to remotely control a system without being detected by security software. Rootkits grant administrative access to systems, allowing attackers to alter files, install more malware, or steal data.

Bot

A program used to automate tasks or operations, often in the context of cyberattacks such as Distributed Denial of Service (DDoS). Bots can also be used to distribute other types of malware.

Bug

A flaw or error in a program's source code that affects its behavior. Security bugs can create vulnerabilities, allowing attackers to gain unauthorized access to systems and steal data.

Ransomware

Malware that encrypts a system's data and demands a ransom for its release. It often spreads like a worm, infiltrating systems through downloaded files or network vulnerabilities.

Adware

Software that delivers advertisements, usually in the form of pop-ups. While often bundled with free programs, adware can also track user activity and steal personal information, functioning like spyware.

Backdoor

A method of accessing a computer or network without authentication, often installed by administrators for maintenance. Malicious actors can also create backdoors to bypass security measures and gain unauthorized access.

Logic Bomb

A piece of malicious code inserted into software to trigger an event at a later time, such as denying service or disrupting system operations. Detecting logic bombs requires carefully reviewing code.

Polymorphic Malware

Malware designed to alter its form each time it moves between devices or media, making it harder for antivirus programs to detect. It mutates frequently to evade detection.

Armored Virus

A virus that uses encryption to protect itself from antivirus detection. This encryption serves as a defense mechanism, making it harder for security software to identify and remove the virus.

Phishing Attack

A social engineering attack where attackers use fraudulent emails or websites to trick users into revealing sensitive information such as passwords or credit card numbers.

Vishing

A type of phishing attack conducted via phone calls or VoIP, where attackers attempt to deceive or manipulate victims into divulging confidential information.

Spear Phishing

A targeted form of phishing attack aimed at specific groups of people who share common characteristics or attributes. The attackers manipulate these individuals into providing personal information, such as Social Security numbers.

Xmas Attack

A denial-of-service attack that overwhelms routers with packets requiring more processing than usual. This attack can reveal protocol settings and network infrastructure details.

Privilege Escalation

A cyberattack where attackers exploit vulnerabilities to gain higher levels of access to a system, typically elevating their privileges from a basic user to an administrator.

Malicious Insider Threat

A threat posed by individuals within an organization who intentionally cause harm or access sensitive data for malicious purposes. These insiders can be employees or contractors.

Client-Side Attack

An attack where vulnerabilities in the client-side operating system or application are exploited to gain unauthorized access to a network or system.

Transitive Access Attack

A cyberattack where attackers exploit trust relationships between systems or networks to gain unauthorized access to resources.

Watering Hole Attack

A type of cyberattack where malware is planted on websites commonly visited by target users, often causing visitors to unknowingly download malicious software.

Pharming Attack

An attack that redirects traffic by altering the host files or DNS settings on a victim's system, directing users to fraudulent websites.

DNS Poisoning

A type of attack where the DNS tables are corrupted, redirecting web traffic to malicious sites by changing the IP addresses in the DNS tables.

ARP Poisoning

An attack that corrupts the ARP cache of a system, redirecting network traffic by altering the system's address resolution protocol (ARP) table.

URL Hijacking

A cyberattack in which attackers register domain names similar to those of legitimate companies, misleading users into visiting a malicious site, potentially capturing sensitive data.

Brute Force Attack

A password cracking method where attackers systematically try all possible combinations of characters until the correct password is found.

Dictionary Attack

A password attack technique in which attackers use a precompiled list of common passwords or personal information to guess the victim's password.

Hybrid Attack

A password attack method that combines elements of brute force and dictionary attacks to guess passwords, increasing the likelihood of success.

Birthday Attack

A cryptographic attack exploiting the probability that two different inputs can produce the same hash output, based on the birthday paradox.

Rainbow Tables

Precomputed tables used to reverse cryptographic hash functions, allowing attackers to compare hashed passwords against known plaintext values to crack passwords.

Shoulder Surfing

A social engineering tactic where attackers observe a victim's actions or sensitive information by physically looking over their shoulder, often in public or office settings.

Tailgating

A physical security breach where an unauthorized individual follows someone with authorized access into a secure area, such as an office building, without proper authentication.

Hoax

A false story or misleading information designed to manipulate victims into performing actions or disclosing confidential information.

Whaling

A type of phishing attack specifically targeted at high-profile individuals, such as CEOs or VIPs, to steal confidential information or gain unauthorized access to systems.

Dumpster Diving

The practice of searching through a company's discarded materials, such as trash or recycling, to find valuable information that could aid in a social engineering attack.

Impersonation

A form of social engineering where an attacker pretends to be someone else, often to gain unauthorized access to systems or to trick an employee into revealing sensitive information.