CompTIA Security+
SY0-501
Domain 1 –
Threats, Attacks and Vulnerabilities
Types of Malware
● Viruses
● Crypto-malware
● Ransomware
● Worm
● Trojan
● Rootkit
● Keylogger
● Adware
● Spyware
● Bots
● RAT
● Logic bomb
● Backdoor
Malware attacks
● Delivery – How it gets to the target
● Propagation – How malware spreads
● Payload – What malware does once it’s there
● Indicators of Compromise (IoC) – An artifact observed
on a network or in an operating system that with high
confidence indicates a computer intrusion.
Viruses
Definition: A program intended to damage a computer system.
Types:
● Armored Virus: A virus that is protected in a way that makes disassembling
it difficult. The difficulty makes it “armored” against antivirus programs that
have trouble getting to, and understanding, its code.
● Companion virus: A virus that creates a new program that runs in the place
of an expected program of the same name.
● Macro virus: A software exploitation virus that works by using the macro
feature included in many applications, such as Microsoft Office.
● Multipartite virus: A virus that attacks a system in more than one way.
● Phage virus: A virus that modifies and alters other programs and databases.
● Polymorphic virus: A virus that changes form or mutates in order to avoid
detection.
● Retrovirus: A virus that attacks or bypasses the antivirus software installed
on a computer.
● Stealth virus: A virus that attempts to avoid detection by anti-virus software
and from the operating system by remaining in memory.
Rootkit
● A clandestine computer program designed to
provide continued privileged access to a computer
while actively hiding its presence.
● Software program that has the ability to obtain
administrator or root-level access and hide from the
operating system.
Worms
● Use the network to replicate copies of themselves to systems
or devices automatically and without user intervention.
● To spread, worms either exploit a vulnerability on the target
system or use social engineering to trick users into executing.
● A worm takes advantage of file-transport or information-
transport features on the system, allowing it to travel unaided.
Bots / Botnets
● Bot: An automated software program (network robot)
that collects information on the web. In its malicious form,
a bot is a compromised computer being controlled remotely.
● Bots are also known as “zombie computers” due to their ability to operate
under remote direction without their owners’ knowledge.
Backdoor
Spyware / Adware
● Applications that covertly monitor online behavior
without the user’s knowledge or permission.
● Collected data is relayed to outside parties, often for use in
advertising.
● Otherwise, does not harm the infected computer, user or data.
● There is a line between illegal spyware and legitimate data collection.
Exam Preparation
In your role as a security administrator, a user
contacts you suspecting that his computer is infected.
Yesterday he loaded a freeware program to help him
perform a valid job function. What type of malicious
software is most likely the cause of the infection?
A. Rootkit
B. Ransomware
C. Trojan
D. Worm
Exam Preparation
What type of malicious software is
deliberately installed by an authorized user
and sits dormant until some event invokes its
malicious payload?
A. Logic bomb
B. Spyware
C. Trojan horse
D. Armored virus