software that enters a computer system without the user's knowledge or consent and then performs an unwanted and usually harmful action
malware (malicious software)
how does malware deliver a malicious "payload"
How can malware be classified
by using the primary trait that the malware possesses
What are the classifications of malware. by their primary trait
what is a legal term used by some jurisdictions in place of "malware"
there are many new malware that have emerged but we still classify it by types. What is another way of grouping malware
because threat actors often tweak their malware so that it evades the latest security defenses, many instances of malware are similar. These similar instances of malware are referred to as
primary trait spreading rapidly to other systems to impact a large number of users.
how does malware circulate
Can happen automatically or may require action by the user
once the malware reaches a system through circulation it embeds itself into the system. This is known as
Once malware has infected a system how often can it run
it can run once or it can remain in the system and be launched an infinite number of times
some malware has as its primary trait avoiding detection by concealing its presence from software scanners that are looking for malware. This primary trait is
When this is the primary trait of malware, the goal is the nefarious actions the malware performs.
some malware can have more than one trait. How do we classify them in this case
based on the primary trait
Two types of malware that have the primary trait of circulation
malicious computer code that reproduces itself on the same computer
are virus and malware interchangeable terms
No. Strictly speaking virus is only one type of malware
a virus that infects an executable program file
A virus can also be part of a data file. The most common is called what
a series of instructions that can be grouped together as a single command. Often used to automate a complex set of tasks or a repeated series of tasks
this virus first attaches or appends itself to the end of the infected file. Then it inserts at the beginning of the file a jump instruction that points to the end of the file which is the beginning of the virus code
Because appender infection viruses can easily be detected by virus scanners, armored viruses were developed to avoid detection. What do the techniques include
viruses inject themselves into executable code which is "scrambled" to make it more difficult to detect. They also divide the engine to unscramble or decrypt the virus code. The different pieces are injected throughout the infected code
virus splits into several parts. Parts of it are placed at random positions in the host program. These parts may contain unnecessary "garbage" code to mask its true purpose
instead of hiding some viruses can change
this virus changes its internal code to one of a set number of predefined mutations whenever it is executed
this virus completely changes from its original form whenever it is executed
this virus can actually rewrite its own code and thus appears different each time it is executed by creating a logical equivalent of its code whenever it is run
what are the two actions that a virus performs
what are viruses attached to
can a virus automatically spread to another computer
no. it relies on user action to spread by transferring infected files
what two carriers must a virus have
a file to which it attaches and a human to transport it to other computers
a malicious program that uses a computer network to replicate
what is another name that we sometimes use for worms
what are the two things worms may do
or
sends copies of itself to other network devices. Once it exploits a vulnerability in a device it immediately searches for another computer
where does a worm replicate
does a worm need a user action for it to spread
an executable program that is advertised as performing one activity but which also performs a malicious activity
a trojan that also gives the threat agent unauthorized access to the victim's computer by using specially configured communication protocols
remote access trojan (RAT)
three examples of malware that have a primary trait of infection
malware that prevents a user's device from properly and fully functioning until a fee is paid. It is highly profitable
the earliest ransomware displays a screen and prevents the user from accessing the computer's resources. This is called what
malware that encrypts all the files on the device so that they cannot be opened
because a person could just reinstall their operating system to get control over their computer and files when they got a blocker ransomware, threat actors developed this
crypto-malware
it encrypts all files on the device so that none of them can be opened
how does crypto-malware work
malware that hides its presence or the presence of other malware
hide or remove traces of log-in records, log entries may alter or replace operating system files with modified versions that are specifically designed to ignore malicious activity
why can't a user trust their computer that contains a rootkit
the rootkit is in charge and hides what is occurring on the computer
where can the destructive power of malware be found
in its payload capabilities
what are the primary payload capabilities
malware that collects data includes what types
tracking software that is deployed without the consent or control of the user uses the computer's resources for the purposes of collecting and distributing personal or sensitive information
spyware that silently captures and stores each keystroke that a user types on the computer's keyboard
What are the two forms of keyloggers
not all spyware is malicious. Give an example of this
spyware monitoring tools used by parents to keep track of their children's online activities
a software program that delivers advertising content in a manner that is unexpected and unwanted by the user
why do users disapprove of adware
computer code that lies dormant until it is triggered by a specific logical event
what type of malware payload is a logic bomb
undocumented yet benign hidden feature that launches a set of special commands, key combinations, or mouse clicks
Easter egg (not the same as a logic bomb)
a software code that gives access to a computer program or a service that circumvents any normal security protections
when installed on a computer, they allow the attacker to return at a later time and bypass security settings
this is a common practice by developers who may need to access a program or device on a regular basis, yet do not want to be hindered by continual requests for passwords or other security approvals
an infected computer that is under the remote control of an attacker for the purpose of launching attacks
bot also known as a zombie
when hundreds, thousands, or even millions of bot computers are gathered into a logical computer network they create what
infected zombie computers wait for instruction through a command and control (C&C) structure from the bot herders. What is a common C&C mechanism used today
HTTP, which is more difficult to detect and block
botnets are used for what type of attacks
a means of gathering information for an attack by relying on the weaknesses of individuals
social engineering attacks rely on what psychological approaches involving person-to-person contact
name some of the techniques social engineers use to gain trust
what are the principles used by social engineers (7)
a social engineering effectiveness principle in which the victim is influenced by confidence
a social engineering effectiveness principle in which the victim is influenced by the claim that the victim is well known and well received
a social engineering effectiveness principle in which the victim is influenced by the claim that immediate action is needed
a social engineering effectiveness principle in which the victim is influenced by the idea that something is in short supply
a social engineering effectiveness principle in which the victim is frightened and coerced by threat
a social engineering effectiveness principle in which the attack is directed by someone impersonating an authority figure or falsely citing their authority
a social engineering effectiveness principle in which the victim is influenced by what others do
social engineering attacks with psychological approaches often involve
a social engineering attack that involves masquerading as a real or fictitious character and then playing out the role of that person on a victim
attackers will often impersonate what type of person
an authority figure because victims generally resist saying "no" to anyone in power
sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
what are the variations of phishing attacks
about which percentage of all attacks start with phishing
a phishing attack that targets only specific users
a phishing attack that targets only wealthy individuals
a phishing attack that uses telephone calls instead of emails
unsolicited email that is sent to large numbers of recipients
look for specific words and block the email
why is spam such a lucrative business
costs spammers very little to send millions of spam messages
uses graphical images of text in order to circumvent text-based filters. Often contains nonsense text so it appears legitimate
who do hoax messages usually claim they are from
what do hoax messages try to get the victim to do
erase specific files or change security configurations
a malicious attack that is directed toward a smaller group of specific individuals by embedding malware in a website frequented by those individuals
two of the most common physical procedures used by social engineers
the act of digging through trash receptacles to find information that can be useful in an attack
An electronic variation of physical dumpster diving is to use Google’s search engine to look for documents and data posted online that can be used in an attack. This is called
what are some items that are retrieved in dumpster diving
when an unauthorized individual enters a restricted-access building by following an authorized user
An employee conspires with an unauthorized person to allow him to walk in with him through the open door
watching a user enter secret information
What technique is used in social engineering attacks? Social engineering is used to gain (unauthorized) access to sensitive data, cryptocurrency wallets or accounts, or to induce victims to download malware onto computers and networks to enact further damage. Such techniques include phishing, baiting, quid pro quo attacks, pretexting, and tailgating.
What are the 4 types of social engineering? Social engineering attack techniques.
Baiting. As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity. ...
Scareware. Scareware involves victims being bombarded with false alarms and fictitious threats. ...
Pretexting. ...
Phishing. ...
Spear phishing.
Which of the following are examples of social engineering attacks? In this article we dive into 7 types of social engineering attacks to be aware of.
Phishing. Phishing attacks are the most common type of social engineering attack, and they can be done over email, social media sites or SMS. ...
Watering Hole. ...
Whaling. ...
Pretexting. ...
Quid Pro Quo. ...
Vishing. ...
Baiting.
Which of the following are examples of social engineering attacks select three? Social engineering attacks include shoulder surfing, eavesdropping, USB and keyloggers, spam and spim, and hoaxes.