2022-03-08 19:30:01 +00:00
|
|
|
= Malware =
|
|
|
|
|
|
|
|
== Types ==
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Advanced Persistent Threat ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Cybercrime directed at a business and political targets,
|
|
|
|
using variety of intrusion techs and malware, applied persistently
|
|
|
|
Often state sponsored.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Adware ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Advertising that is integrated into software. Makes popup ads or
|
|
|
|
redirection of a browser to commercial site
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Attack kit ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Set of tools for generating new malware automatically using a variety of
|
|
|
|
supplied propagation and payload mechanisms (metasploit)
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Auto-rooter ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Malicous tools to break into new machines remotely
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Backdoor (trapdoor) ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Any mechanism that bypasses a normal security check; it may allow unauthorized
|
|
|
|
access to functionality in a program, or onto a compromised system.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Downloaders ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Code that installs other items on a machine that is under attack. Included in
|
|
|
|
malware code first inserted onto a compromised system to import a larger
|
|
|
|
malware system.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Drive by download ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Attack using code on a comprisimised website that exploits a browser
|
|
|
|
vulnerability to attack a client system when the site is viewed.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Exploits ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Code sepcific to a single vulnerability
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Flooders ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Generate a large volume of data to attack a networked computer system, carrying
|
|
|
|
out some DOS attack
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Keyloggers ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Capture keystrokes on a compromised system
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Logic Bomb ===
|
2022-03-08 19:30:01 +00:00
|
|
|
|
|
|
|
Code inserted into malware by intruder. Lies dormant until a condition is met,
|
|
|
|
then code triggers some payload.
|
2022-03-08 19:45:01 +00:00
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Macro virus ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Virus using macro scripting code, typically embedded in a document or document
|
|
|
|
template, and triggered when the document is viewed/edited, to run and
|
|
|
|
replicate into other documents.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Mobile code ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Software that can be shipped unchanged to a htereogenous colelctions of
|
|
|
|
platforms and execute with identical semantics.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Rootkit ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Tools used after a system has been compromised to gain root level access
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Spyware ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Software that monitors keystrokes, screen data, and/or network traffic, or
|
|
|
|
scans files for sensitive information, and sends it back to some Controler
|
|
|
|
server.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Trojan horse ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Appears to have useful function, but has hidden and malicous purpose and evades
|
|
|
|
security machanisms, sometimes by exploiting legit authorizations of system
|
|
|
|
entity that invoked it
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Virus ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Malware that when executed, attempts to replicate itself and propigate itself.
|
|
|
|
|
2022-03-09 17:45:01 +00:00
|
|
|
=== Worm ===
|
2022-03-08 19:45:01 +00:00
|
|
|
|
|
|
|
Malware that can run independently and can propagate a complete working version
|
|
|
|
of itself onto other hosts on a network, by exploiting software vulns in the
|
|
|
|
target system, or using capture credentials
|