Chapter 3
OBJECTIVES COVERED
Ransomware
• A kind of malware that takes over a computer then demands
a ransom.
• An effective backup system that stores files in a separate
location will not be impacted if the system or device it backs
up is infected and encrypted by ransomware.
Trojans
• A type of malware that is typically disguised as legitimate
software.
• They rely on unsuspecting individuals running them, thus
providing attackers with a path into a system or device.
MALWARE (2/6)
Worms
• Self-install and spread themselves.
• Worms can spread via email attachments, network file
shares, or other methods.
Rootkits
• Specifically designed to allow attackers to access a system
through a backdoor.
• The best ways to prevent rootkits are normal security
practices, including patching, use of secure configurations,
and ensuring that privilege management is used.
• Tools like secure boot and techniques that can validate live
systems and files can also be used to help prevent rootkits
from being successfully installed or remaining resident.
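The two defensive points above (a backup kept in a separate location is not encrypted along with the host, and techniques that validate live systems and files help catch rootkits) can be combined in one check. The script below is an added example, not part of the slides: it records a SHA-256 baseline of a directory tree, later compares the live tree against that baseline to report modified, added and removed files, and flags changed files whose content is near-random (a Shannon-entropy heuristic, since ransomware-encrypted files look like random bytes). The function names, the 7.5-bit entropy threshold and the `demo()` scenario are all assumptions made for this illustration; in practice the baseline would be stored off-host, alongside the backups.

```python
"""File-integrity baseline with an encrypted-content heuristic.

Added example, not from the original slides. Function names, the
entropy threshold and the demo scenario are constructed assumptions.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain text is ~4-5, encrypted data is ~8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_baseline(root: str) -> Dict[str, str]:
    """Map every file under root (relative path) to its SHA-256 digest."""
    baseline: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def verify(root: str, baseline: Dict[str, str],
           entropy_threshold: float = 7.5) -> Dict[str, List[str]]:
    """Compare the live tree with a stored baseline.

    Returns sorted lists of modified, added and removed paths, plus any
    modified/added file whose first 64 KiB looks encrypted.
    """
    current = build_baseline(root)
    report: Dict[str, List[str]] = {
        "modified": [], "added": [], "removed": [], "likely_encrypted": []}
    for rel, digest in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    for rel in report["modified"] + report["added"]:
        with open(os.path.join(root, rel), "rb") as f:
            sample = f.read(65536)
        # Skip tiny files: entropy estimates on a few bytes are meaningless.
        if len(sample) >= 256 and shannon_entropy(sample) >= entropy_threshold:
            report["likely_encrypted"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, then simulate a ransomware-style
    overwrite of one file, deletion of another and creation of a third."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> None:
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)

        write("notes.txt", b"quarterly figures\n" * 200)
        write("old.txt", b"to be removed\n" * 50)
        baseline = build_baseline(root)          # stored off-host in practice

        write("notes.txt", os.urandom(4096))     # simulated encrypted content
        os.remove(os.path.join(root, "old.txt"))
        write("new.txt", b"plain new file\n" * 50)
        return verify(root, baseline)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Running the script prints the four categories; `notes.txt` shows up both as modified and as likely encrypted, while the plain `new.txt` is only reported as added. The entropy heuristic is a triage signal, not proof: compressed archives and images also score high, so a real deployment would whitelist such types or compare against the file's previous entropy.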
MALWARE (3/6)
Backdoors
• Provide access that bypasses normal authentication and
authorization procedures, allowing attackers access to
systems, devices, or applications.
• Can be both hardware and software based; can be included
in trojans and rootkits.
Bots
• Are remotely controlled systems or devices that have a
malware infection.
• Groups of bots are known as botnets, and botnets are used
by attackers who control them to perform various actions
ranging from additional compromises and infection to denial
of service attacks or acting as spam relays.
MALWARE (4/6)
Keyloggers
• Capture keystrokes from keyboards as well as other inputs
like mouse movement, touchscreen inputs, or credit card
swipes
• Both software and hardware versions
Logic Bombs
• Not independent malicious programs
• Activate when set conditions occur and take malicious action
Viruses
• Self-copy and self-replicate
• Require an infection mechanism to spread themselves
Fileless
• Spread via spam and malicious websites using web browser
and plugin flaws
• Inject themselves into memory
MALWARE (5/6)
Spyware
• Malware designed to obtain information about individuals,
organizations, or systems
• Often track browsing habits
• Usually relatively innocuous
PUPs
• Potentially unwanted programs
• Not dangerous, but take up space and resources
FILELESS VIRUS ATTACK CHAIN
MALWARE (6/6)
Spyware
• A kind of malware that is designed to obtain information
about an individual, organization, or system.
• Spyware is most frequently combated using anti-malware
tools, although user awareness can help prevent the
installation of spyware that is included in installers for
software or through other means where spyware may
appear to be a useful tool or innocuous utility.
PUPs
• PUPs are typically installed without the user’s awareness, or
as part of a software bundle or other installation.
• A discussion around awareness and best practices with the
end-user, removal with appropriate tools, and a return to
normal operation may be the best solution.
ADVERSARIAL ARTIFICIAL INTELLIGENCE
ADVERSARIAL ARTIFICIAL INTELLIGENCE
• Basic Actions
• Understand the quality and security of source
data
• Work with AI and ML developers to ensure
that they are working in secure environments
and that data sources, systems, and tools are
maintained in a secure manner
• Ensure that changes to AI and ML algorithms
are reviewed, tested, and documented
• Encourage reviews to prevent intentional or
unintentional bias in algorithms
• Engage domain experts wherever possible