Chapter 6

Advanced Persistent Threat

malicious code that attaches itself to a host application. The host application must be executed to run and the malicious code executes when the host application is executed.

• A self-replicating malware tha ttravels throughout a network without the assistance of a host application or user interaction.
• A worm resides in memory and can use different transport protocols to travel over the network.

• A trojan method that has become popular in recent years, also known as scareware.
• Rogueware masquerades as a free antivirus program.

A blackmail technique in ransomware that threatens to publish the encrypted files if the user does not pay.

A malware that turns networked devices running linux into remotely controlled bots to be part of a botnet.

• a group of programs that hides the fact that the system has been infected or compromised by malicious code.
• In additional to modifying internal OS processess, rootkits often modify system files such as the Registry.

hooking refers to when a rootkit intercepts system-level function calls, events, or messages. The rootkit installs ht ehooks into memory and uses them to control the system's behavior.

A classig Nigerian scam where you receive an email from someone claiming a relative or someone else has millions of dollars.

A form of spear phishing that attempts to target high-level executives.

Data execution prevention (DEP) is a security feature that prevents code from executing in memory regions marked as nonexecutible. Main purpose of DEP is to protect a system from malware.

Advanced Malware Protection