vimwiki/tech/malware.wiki

95 lines
2.5 KiB
Plaintext
Raw Normal View History

2022-03-08 19:30:01 +00:00
= Malware =
== Types ==
2022-03-09 17:45:01 +00:00
=== Advanced Persistent Threat ===
2022-03-08 19:30:01 +00:00
Cybercrime directed at a business and political targets,
using variety of intrusion techs and malware, applied persistently
Often state sponsored.
2022-03-09 17:45:01 +00:00
=== Adware ===
2022-03-08 19:30:01 +00:00
Advertising that is integrated into software. Makes popup ads or
redirection of a browser to commercial site
2022-03-09 17:45:01 +00:00
=== Attack kit ===
2022-03-08 19:30:01 +00:00
Set of tools for generating new malware automatically using a variety of
supplied propagation and payload mechanisms (metasploit)
2022-03-09 17:45:01 +00:00
=== Auto-rooter ===
2022-03-08 19:30:01 +00:00
Malicous tools to break into new machines remotely
2022-03-09 17:45:01 +00:00
=== Backdoor (trapdoor) ===
2022-03-08 19:30:01 +00:00
Any mechanism that bypasses a normal security check; it may allow unauthorized
access to functionality in a program, or onto a compromised system.
2022-03-09 17:45:01 +00:00
=== Downloaders ===
2022-03-08 19:30:01 +00:00
Code that installs other items on a machine that is under attack. Included in
malware code first inserted onto a compromised system to import a larger
malware system.
2022-03-09 17:45:01 +00:00
=== Drive by download ===
2022-03-08 19:30:01 +00:00
Attack using code on a comprisimised website that exploits a browser
vulnerability to attack a client system when the site is viewed.
2022-03-09 17:45:01 +00:00
=== Exploits ===
2022-03-08 19:30:01 +00:00
Code sepcific to a single vulnerability
2022-03-09 17:45:01 +00:00
=== Flooders ===
2022-03-08 19:30:01 +00:00
Generate a large volume of data to attack a networked computer system, carrying
out some DOS attack
2022-03-09 17:45:01 +00:00
=== Keyloggers ===
2022-03-08 19:30:01 +00:00
Capture keystrokes on a compromised system
2022-03-09 17:45:01 +00:00
=== Logic Bomb ===
2022-03-08 19:30:01 +00:00
Code inserted into malware by intruder. Lies dormant until a condition is met,
then code triggers some payload.
2022-03-08 19:45:01 +00:00
2022-03-09 17:45:01 +00:00
=== Macro virus ===
2022-03-08 19:45:01 +00:00
Virus using macro scripting code, typically embedded in a document or document
template, and triggered when the document is viewed/edited, to run and
replicate into other documents.
2022-03-09 17:45:01 +00:00
=== Mobile code ===
2022-03-08 19:45:01 +00:00
Software that can be shipped unchanged to a htereogenous colelctions of
platforms and execute with identical semantics.
2022-03-09 17:45:01 +00:00
=== Rootkit ===
2022-03-08 19:45:01 +00:00
Tools used after a system has been compromised to gain root level access
2022-03-09 17:45:01 +00:00
=== Spyware ===
2022-03-08 19:45:01 +00:00
Software that monitors keystrokes, screen data, and/or network traffic, or
scans files for sensitive information, and sends it back to some Controler
server.
2022-03-09 17:45:01 +00:00
=== Trojan horse ===
2022-03-08 19:45:01 +00:00
Appears to have useful function, but has hidden and malicous purpose and evades
security machanisms, sometimes by exploiting legit authorizations of system
entity that invoked it
2022-03-09 17:45:01 +00:00
=== Virus ===
2022-03-08 19:45:01 +00:00
Malware that when executed, attempts to replicate itself and propigate itself.
2022-03-09 17:45:01 +00:00
=== Worm ===
2022-03-08 19:45:01 +00:00
Malware that can run independently and can propagate a complete working version
of itself onto other hosts on a network, by exploiting software vulns in the
target system, or using capture credentials