- Replicates via a file/infector that is on a remote system
- Parasites off local memory and is accessed on boot
- Typically uses local script-friendly applications (JVM, PDFs, MS docs, etc.)
Worms
- Replicates from local memory into other devices
- Consumes network bandwidth to replicate
- Typically attempts to achieve persistence to allow repeated attacks or access after reboot
Potentially Unwanted Programs (PUPs)
- Unwanted/intrusive software that doesn't usually attempt to replicate
Spyware/Keyloggers
- Tracks user activities; does not replicate
- Typically stores data by accessing peripherals or listening for actions, for transmission at a later time
- Adware also falls under this category
Trojans
- Typically backdoors (remote access trojans)
- Can also be used to build botnets, or to make other systems act as slave systems for a command-and-control system using covert channels
Rootkits
- Malware that executes with system privileges
- Most systems attempt to prevent misuse of kernel processes
- Can hide inside peripheral storage
Ransomware, cryptojackers
- Ransomware: software that extorts money by encrypting or otherwise locking out computers and then demanding money for their return
- Cryptojackers: install a cryptominer on a system to generate cryptocurrency, wholly or in part
Signs of Compromise
- Antivirus notification triggers
- Sandbox execution: run the code in a sandbox or other contained system to check it
- Excessive resource consumption
- Changes in file systems