Common Terms used in this Forum

[jackuars]

Just thought to create a thread because I had very little knowledge when I came across here back in 2014 and although I picked up many concepts through the way, I thought it would be a better idea if we had a thread guide here that defines some of the main concepts that's been discussed in the forum.

If someone or collectively if you are interested, you could use this thread to share the knowledge among the people, especially the newbies.

To give certain examples:

1. What is ransomware
2. What is a rootkit
3. What is the difference between heuristics & behavioural blocker
4. What are antivirus signatures

and much more.

 

[Rengar]

Rootkit
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans,worms, viruses – that conceal their existence and actions from users and other system processes.

Ransomware
Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as bitcoin, so that the cybercriminal's identity isn't known.

Heuristics and BB
Heuristics inspects the CODE of a file and tries to guess what that code does, and/or checks it for similarities with already known malware to detect new variants. A behavior blocker monitors the ACTIONS performed by a program in real-time like a HIPS does, and steps in when it detects potentially malicious behavior. There is a grey area between the two, as some AVs' heuristics are somewhat behavior-blocker-like (using emulation).

Antivirus Signatures
A virus signature is the fingerprint of a virus. It is a set of unique data, or bits of code, that allow it to be identified. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus. In the anti-virus software, the virus signature is referred to as a definition file or DAT file.

 

[tim one]

What are the Advanced Persistent Threat (APT) and how they work.

To better understand what are and how the APT work, first you have to understand that there is a very well programmed strategy, which involves a series of bad actions triggered to short, medium and long range.

Here the stages:

1) Reconnaissance

Cyber criminals, using public sources get e-mail addresses or references of instant messaging, to identify the people who will be the target of their attacks.

2) Intrusion on the network.

With a phishing mail, the attacker begins to infect the machine, thus beginning his first access to the infrastructure. The e-mail message contains malicious links or malicious file attachments.

3) Identity theft

Bad guys get most of the information they need, by intercepting and cloning valid user credentials. Using these credentials, the attackers can access to different systems and compromising in various ways, the security of the victim.

4) Installation of malware

To be able to control the system and perform activities such as the installation of backdoor, password-stealers, receiving emails and listening the running processes, the attackers install on the targered network various malicious tools.

5) The creation of a backdoor

The attackers work to extract from the network the credentials of the domain administrator. This will allow them to move in a transverse way within the network and install backdoors and malware, using a variety of methods: process injection, registry modifications at system level or scheduled services.

6) Data exfiltration

Once they have created the malicious infrastructure, criminals begin to intercept e-mails, attachments and files from the server. Usually they send the stolen data to intermediate servers.

7) Persistence

Even if some attacks are discovered or inactivated, cyber criminals try in every way to maintain their presence on the targeted networks.

 

[philip48us]

I'm as new at this as you will find out quickly. I clicked on a liked thumbs up icon and read under the heading that I had deleted "peoples"! I only wanted to register a like and not a dislike. I'll learn to do better quickly I hope! Sorry if I offended anyone. I'm really not a bad guy - not perfect - not bad!! Thank you!!!