Malicious Code
More Malicious Code
Woah, More Malicious Code
Attacks and Whatnot
Attack Models and Terminology
100

a program with an overt purpose (known to the user) and a covert purpose (unknown to the user); makes copies of itself

trojan horse

100

a virus that conceals its infection of files, is able to infect a system without using system subroutines, and can intercept operating system calls that access files

stealth viruses

100

a virus composed of a sequence of instructions that are interpreted by an application rather than executed directly

macro virus

100

something that could potentially harm an organization's assets, "somebody could hack into your system and steal personal data"

threat

100

a formalization of an attacker in a computer or networked system

cyber adversary model

200

a program that performs an action that violates the site security policy when some external event occurs

logic bombs

200

a virus that does not change the size of the file it infects

cavity virus

200

a standalone program that copies itself from one computer to another

worms

200

the actual realization of a threat

attack

200

a threat wherein the organizational structure is very low; attacks are typically mounted by a single person or a small, loosely affiliated group, and the attackers are unaware of who/what they are attacking

unstructured threat

300

a program that inserts itself into one or more files and performs some action, which may be based on conditions

virus

300

a virus that changes its form each time it inserts itself into another program

polymorphic viruses

300

a program that absorbs all of some class of resources

rabbits/bacteria

300

a weakness or opening that would allow a threat to be realized

vulnerability

300

an organized group of attackers; the attackers are aware of who they are attacking, and targets are specifically chosen

structured threat

400

a virus that can infect boot sectors and/or executables

multipartite viruses

400

a virus that is enciphered except for a small deciphering routine

encrypted virus

400

malicious code that is annoying and undesired and negatively affects performance

grayware

400

the probability (percentage chance) that a threat will be realized

risk

400

a coordinated threat; examples include nation states, ideological groups, and terrorists

highly structured threat

500

"Terminate and Stay Resident", a virus that stays active in memory after the application (or bootstrapping) is completed

TSR Viruses

500

a virus that completely rewrites itself after each infection

metamorphic viruses

500

software with little or no benefit, sold to naive users through unethical marketing

scareware

500

action taken to minimize or eliminate the effects of a threat

mitigation

500

evidence-based knowledge that helps in understanding the adversary's decision-making process and provides advance indication and warning of potential attacks

cyber threat intelligence
