Security+ Guide

——–

Given a scenario, analyze indicators of compromise and determine the type of malware.

1. Virus –  A computer virus modifies other legitimate host files (or pointers to them) in such a way that when a victim’s file is executed, the virus is also executed.
2. Crypto-malware – Essentially the same thing as Ransomware, holds all of your data hostage in return for crypto payments.
3. Ransomware – Encrypts files on your computer and requests a crypto payment to decrypt
4. Worm – Self-replicates (spreads without any end-user action)
5. Trojan – Pretends to be legit programs, but has malicious actions. Ex. fake AV programs (has to be executed by end-user and may be pushed by infected sites)
6. Rootkit – Essentially, malware programs attempt to modify the underlying operating system to take ultimate control and hide from antimalware programs.
7. Keylogger – malware that records the keystrokes and can gain access to passwords, etc.
8. AdWare – malicious ads attempting to expose end-users ex. May redirect searches to dangerous sites
9. SpyWare – can install keyloggers to find account info, etc. most likely means theres a root exploit issue
10. Bots – Bots are essentially Trojan/worm combinations that attempt to make individual exploited clients a part of a larger malicious network. Botmasters have one or more “command and control” servers that bot clients check into to receive their updated instructions. Cyber criminals can rent out botnets
11. RAT – Remote Access Trojan – usually installed without end-user’s knowledge
12. Logic Bomb – uploaded on the back-end of a computer but has a timer before it either starts deleting/stealing/encrypting data/etc.
13. Backdoor – bypasses normal authentication and usually enables some type of remote access’