Which malware has the primary trait of concealment?
A rootkit is a program or a collection of malicious software tools that gives a threat actor remote access to and control over a computer or other system. Although this type of software has some legitimate uses, such as providing remote end-user support, most rootkits open a backdoor on victims' systems to introduce malicious software -- including viruses, ransomware, keylogger programs or other types of malware -- or to use the system for further network security attacks. Rootkits often attempt to prevent detection of malicious software by deactivating endpoint antimalware and antivirus software.
Rootkits, which can be purchased on the dark web, can be installed during phishing attacks or employed as a social engineering tactic to trick users into giving the rootkits permission to be installed on their systems, often giving remote cybercriminals administrator access to the system. Once installed, a rootkit gives the remote actor access to and control over almost every aspect of the operating system (OS). Older antivirus programs often struggled to detect rootkits, but today, most antimalware programs can scan for and remove rootkits hiding within a system.
[Diagram: nine different types of malware, including rootkits.]
How rootkits work
Since rootkits cannot spread by themselves, they depend on clandestine methods to infect computers. When unsuspecting users give rootkit installer programs permission to be installed on their systems, the rootkits install and conceal themselves until hackers activate them. Rootkits contain malicious tools, including banking credential stealers, password stealers, keyloggers, antivirus disablers and bots for distributed denial-of-service attacks. Rootkits are installed through the same common vectors as any malicious software, including email phishing campaigns, executable malicious files, crafted malicious PDF files or Microsoft Word documents, connecting to shared drives that have been compromised, or downloading software infected with the rootkit from risky websites.
What can be compromised during a rootkit attack?
The following are some of the potential results of a rootkit attack:
Symptoms of rootkit infection
A primary goal of a rootkit is to avoid detection in order to remain installed and accessible on the victim's system. Although rootkit developers aim to keep their malware undetectable and there are not many easily identifiable symptoms that flag a rootkit infection, here are four indicators that a system has been compromised:
Types of rootkits
Rootkits are classified based on how they infect, operate or persist on the target system:
Tips for preventing a rootkit attack
Although it is difficult to detect a rootkit attack, an organization can build its defense strategy in the following ways:
Rootkit detection and removal
Once a rootkit compromises a system, the potential for malicious activity is high, but organizations can take steps to remediate a compromised system. Rootkit removal can be difficult, especially for rootkits that have been incorporated into the OS kernel, into firmware or into a storage device's boot sector. While some antirootkit software can detect and remove some rootkits, this type of malware can be difficult to remove entirely. One approach to rootkit removal is to reinstall the OS, which, in many cases, eliminates the infection. Removing bootloader rootkits may require using a clean system running a secure OS to access the infected storage device. Rebooting a system infected with a memory rootkit removes the infection, but further work may be required to eliminate the source of the infection, which may be linked to command-and-control networks with a presence in the local network or on the public internet.
Examples of rootkit attacks
Phishing and social engineering attacks. Rootkits can enter computers when users open spam emails and inadvertently download malicious software. Rootkits also use keyloggers that capture user login information. Once installed, a rootkit can give hackers access to sensitive user information and take control of the computer's OS.
Application rootkit attacks. Rootkits can install themselves in commonly used applications, such as spreadsheet and word processing software. The hackers use application rootkits to gain access to users' information whenever they open the infected applications.
Network and internet of things (IoT) attacks. IoT devices and edge computing systems that lack the security measures of other systems and centralized computers present significant security threats. Hackers find and exploit these weaknesses by inserting rootkits through edge points of entry.
This can enable a rootkit to spread throughout a network, taking over computers and workstations and turning them into zombie computers under outside control.
OS attacks. After entering a system, a kernel mode rootkit can attack the system's OS. The attack can include modifying the functionality of the OS, slowing system performance, and even accessing and deleting files. Kernel mode rootkits usually enter systems when a user inadvertently opens a malicious email or executes a download from an unreliable source.
Credit card swipe and scan attacks. Criminals have used rootkits to infect credit card swipers and scanners. The rootkits are programmed to record credit card information and to send the information to servers controlled by hackers. To prevent this, credit card companies have adopted chip-embedded cards, which are more resistant to attack.
What are the primary traits of malware?
May display objectionable content. Frequent pop-up ads cause lost productivity. Pop-up ads slow the computer or cause crashes. Unwanted ads can be a nuisance.
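The detection section above notes that rootkits hide from the tools an administrator normally trusts. One check antirootkit tools use for that is a cross-view comparison: the process list as reported by `ps` versus the processes the kernel admits to when each PID is asked for directly. The following is an added example, not code from the original page or from any antirootkit product; it assumes a Linux host with `/proc` and `ps`, and the unit-testable helpers work on constructed input.

```python
"""Cross-view check for hidden processes (a rootkit-concealment indicator).

A user-mode rootkit that hooks readdir() on /proc, or a kernel rootkit that
filters the /proc directory listing, hides a PID from `ps`, yet the kernel
still answers when /proc/<pid>/status is opened by its exact path.
Comparing the two views exposes the gap.
"""
import os
import subprocess
from typing import Iterable, Set


def parse_pid_listing(text: str) -> Set[int]:
    """Parse `ps -eo pid=` style output (one PID per line) into a set.

    Non-numeric lines such as a stray 'PID' header are ignored.
    """
    pids: Set[int] = set()
    for line in text.splitlines():
        token = line.strip()
        if token.isdigit():
            pids.add(int(token))
    return pids


def probe_pids_directly(max_pid: int) -> Set[int]:
    """Ask the kernel about every PID individually instead of listing /proc."""
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        if os.path.exists(f"/proc/{pid}/status"):
            found.add(pid)
    return found


def hidden_pids(visible: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs the kernel confirms but the tool-level listing omits."""
    return set(probed) - set(visible)


def live_scan() -> Set[int]:
    """Run the cross-view check on this host (Linux only).

    Processes that start between the two snapshots also land in the result,
    so a non-empty set is confirmed by rescanning, not treated as proof.
    """
    listing = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                             text=True, check=True).stdout
    with open("/proc/sys/kernel/pid_max") as fh:  # upper bound for the probe
        pid_max = int(fh.read())
    return hidden_pids(parse_pid_listing(listing), probe_pids_directly(pid_max))


if __name__ == "__main__":
    print("suspect hidden PIDs:", sorted(live_scan()))
```

The same idea applies to files, sockets and kernel modules: any object the kernel serves on direct request but omits from the enumeration a rootkit can filter.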
Which of the following malware has the primary purpose to conceal itself?
A Trojan disguises itself as desirable code or software. Once downloaded by unsuspecting users, the Trojan can take control of victims' systems for malicious purposes. Trojans may hide in games, apps, or even software patches, or they may be embedded in attachments included in phishing emails.
What are the two types of virus by concealment strategy?
Stealth virus: a form of virus explicitly designed to hide itself from detection by antivirus software. Thus, the entire virus, not just a payload, is hidden. Polymorphic virus: a virus that mutates with every infection, making detection by the "signature" of the virus impossible.
What are the three types of malware that have the primary traits of circulation?
Circulation/infection malware includes viruses, worms and Trojans. While a virus is akin to those that affect biological organisms, a worm is a malicious program that uses a computer network to replicate.