Other Malware
Ungraded Quiz
- Explain how ransomware uses cryptography to restrict access to a victim’s files
- What is a zero-day exploit? Why is it so dangerous?
Key Concepts
Browser-based malware
- visiting a web page authorizes running its content in the browser
- drive-by download: visiting a web page causes malware to be silently downloaded and run, taking advantage of browser vulnerability
- malicious JavaScript may be delivered through
    - ads (ad blockers are a security tool, not just a protection from annoyances)
    - web widgets
    - user-provided content (e.g. on a site that allows comments)
    - malicious parameters in URL links
- if you can get the browser to visit an unintended web page, that web page may host the malware
    - easy to use redirects without the user noticing
    - easy to hide content in a zero-pixel iframe
- dropper: installs other malware
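As an added example (not part of these notes), a small Python scanner that flags the two hiding techniques just listed, zero-pixel or CSS-hidden iframes and meta-refresh redirects, in a constructed sample page; the attacker.example hostnames are placeholders.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: one ordinary iframe, two hidden ones, one silent redirect.
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="0;url=http://attacker.example/landing">
</head><body>
<iframe src="https://video.example/player" width="640" height="360"></iframe>
<iframe src="http://attacker.example/exploit" width="0" height="0"></iframe>
<iframe src="http://attacker.example/x" style="display:none; visibility:hidden"></iframe>
</body></html>"""

def _px(value):
    """Parse a width/height attribute such as '0', '0px' or '640'; None if absent."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class HiddenContentScanner(HTMLParser):
    """Collects iframes sized or styled to be invisible, and meta-refresh redirects."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            reasons = [f"{d}=0" for d in ("width", "height") if _px(a.get(d)) == 0]
            style = (a.get("style") or "").replace(" ", "").lower()
            if "display:none" in style or "visibility:hidden" in style:
                reasons.append("hidden by CSS")
            if reasons:
                self.findings.append(("hidden_iframe", f"{a.get('src')} ({', '.join(reasons)})"))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content="0;url=..." redirects immediately, before the user sees anything
            m = re.search(r"url=(\S+)", a.get("content") or "", re.I)
            self.findings.append(("meta_redirect", m.group(1) if m else "?"))

def scan_html(html):
    """Return the list of (kind, detail) findings for an HTML string."""
    scanner = HiddenContentScanner()
    scanner.feed(html)
    return scanner.findings

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

The same checks apply to a page fetched from a proxy log or a saved phishing landing page; an ordinary, visibly sized iframe produces no finding.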
Ransomware
Botnets
- collection of machines that have been compromised by shell code
- controlled by a machine or machines (command and control or C&C)
- may be peer-to-peer
- may involve a hierarchy, with controller at the top
- try to obscure the channels to avoid the control being shut down
- try to obscure the channels to avoid being caught
- can be used for
    - denial of service attacks
    - spam campaigns — sell stuff, or generate traffic
    - installing keyloggers to get financial info
Zero-day exploits
- an attack that takes advantage of a newly discovered, not-yet-patched vulnerability
- gives the community no time to prepare before the malware is released
- for anything that is non-zero-day, we know about the attack and we have ways to fix it, and yet systems remain unpatched
Logic bomb
- malware that is triggered by a particular sequence of actions (e.g. a particular user logging in, a particular date)
Social engineering
- manipulating a person into performing an action or divulging confidential information
- see Happy99 virus
- common trick used by penetration testers to gain access to a company's resources (with permission!)
Malware objectives and properties