Section 5: Malware from Dion Training Security+ Course
Malware
Any software that is designed to infiltrate a computer system without the user’s knowledge
Threat Vector
Specific method used by an attacker to infiltrate a victim’s machine
Examples: Unpatched software, installing code, phishing campaign or other vulnerabilities
Attack vector
A means by which an attacker gains access to a computer to infect the system with malware
Threat Vector vs Attack Vector
Threat Vector: Breaks into the system.
Attack Vector: Breaks into and infects the system.
Virus
Malicious software that attaches to clean files and spreads into a computer system
Worms
Standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities
Trojans
Malicious programs which appear to be legitimate software that allow unauthorized access to a victim’s system when executed
Ransomware
Encrypts a user’s data and holds it hostage until a ransom is paid to the attacker for decryption
Zombies
Compromised computers that are remotely controlled by attackers and used in coordination to form a botnet
Botnet
Network of zombies that is often used for DDoS attacks, spam distribution, or cryptocurrency mining
Rootkits
Malicious tools that hide their activities and operate at the OS level to allow for ongoing privileged access
Backdoors
Malicious means of bypassing normal authentication processes to gain unauthorized access to a system
Logic Bombs
Embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs
Keyloggers
Record a user’s keystrokes and are used to capture passwords or other sensitive information
Spyware
Secretly monitors and gathers user information or activities and sends data to third parties
Bloatware
Unnecessary or pre-installed software that consumes system resources and space without offering any value to the user
Malware Exploitation Techniques
Involve methods by which malware infiltrates and infects targeted systems
Boot Sector Virus
Stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up
Macro Virus
A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed
Program Virus
Tries to find executables or application files to infect with its malicious code
Multipartite Virus
A combination of a boot sector type virus and a program virus
Encrypted Virus
Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software
Polymorphic Virus
Advanced version of an encrypted virus, but instead of just encrypting the contents, it will actually change the virus’s code each time it is executed by altering the decryption module in order
Metamorphic Virus
Able to rewrite itself entirely before it attempts to infect a given file
Stealth Virus
Not necessarily a specific type of virus as much as it is a technique used to prevent the virus from being detected by the anti-virus software
Armored Virus
Have a layer of protection to confuse a program or a person who's trying to analyze it
Hoax
A form of technical social engineering that attempts to scare end users into taking undesirable action on their system
Trojan
A piece of malicious software that is disguised as a piece of harmless or desirable software
Remote Access Trojan (RAT)
Type of Trojan that is widely used by modern attackers because it provides the attacker with remote control of a victim machine
Command and Control Node
Responsible for managing and coordinating the activities of other nodes or devices within a network.
Kernel Mode
Allows a system to control access to things like device drivers, sound card, and monitor
DLL Injection
Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library
Shim
Software code that is placed between two components
Backdoor
Used to bypass the normal security and authentication functions
Easter Egg
Insecure coding practice that was used by programmers to provide a joke or a gag gift to the users
Keylogger
Piece of software or hardware that records every single keystroke that is made on a computer or mobile device
Exploit Technique
Describes the specific method by which malware code infects a target host
Fileless Malware
Used to create a process in the system memory without relying on the local file system of the infected host
Most modern malware uses a two-stage deployment model. What are these two stages?
Stage 1: Dropper or Downloader—When a user clicks on a malicious link or opens a malicious file, malware is installed.
Stage 2: Downloader - Download and install a remote access Trojan to conduct command and control on the victimized system
Dropper
Initiates or runs other malware forms within a payload on an infected host
Downloader
Retrieves additional tools after the initial infection facilitated by a dropper
Shellcode
Encompasses lightweight code meant to execute an exploit on a given target
“Actions on Objectives” Phase
Comes directly after the threat actor has established a foothold on a victim using the two-stage deployment model. Here, threat actors carry out their primary objectives (data exfiltration or file encryption)
Concealment
Used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities
Living Off the Land
The threat actors try to exploit the standard system tools to perform intrusions