|
|
|
|
|
|
|
|
|
File-less malware
| Глоссарий терминов по социальной инженерии и информационной безопасности |
This malware is extremely difficult to detect as it’s not written to the systems’ disk. instead, such infections reside in the systems’ memory, which can be within the windows registry, in a rootkit or the infection piggybacks on powershell.
|
|
Malware, английский
- Software that fulfills the deliberately harmful intent of an attacker when run. malware
- Software that is surreptitiously installed on a computer to damage, compromise, or acquire data. it may also be used to for unauthorized accessibility to the function of the computer e.g. cause damage to a machine controlled by the computer
- An umbrella term used to describe any malicious software. traditionally, the target of most malware attacks has been personal computers that run windows or apple operating systems. but now malware is being increasingly targeted at mobile devices that run android and ios. in august 2016, pegasus malware was discovered on ios (iphones) that could read text messages, track calls, collect passwords and track phone locations. the malware could also intercept data from other apps, such as gmail and viber. the proliferation of mobile malware is a worrying trend. numerous studies have shown that users are more likely to download malware infected apps and click on malware infected weblinks because of the smaller screen sizes. malware infections on end-user systems are often the starting point of further attacks since login credentials for email accounts and network servers can be harvested using malware – thus giving attackers the keys to the kingdom as it were.
Malware scanner, английский
Software used to scan for and eradicate malicious software. mam (n)
Malware, malicious software, английский
|
Form grabbing, английский
Malware that works by capturing data in a web form before the form is submitted. it is considered more effective than keylogging software, as it captures data even when a virtual keyboard, autofill or copy and paste is used. https-enabled websites are not immune from this attack vector either, as the data is captured before it gets encrypted. the infamous zeus and tinybanker trojans extensively used form grabbing as a mechanism for stealing credentials for online banking. form grabbing can be mitigated by using anti-virus, an updated browser and eschewing the installation of browser plug-ins.
Evil twin, английский
A wireless access point or computing device that spoofs the legitimate access point’s ssid or uses a similar name to another network. this can be used to instigate a man-in-the-middle attack where wireless communications between a client device, such as a laptop or smartphone, are intercepted by the attacker, resulting in stolen data, passwords or credit card numbers. during it security awareness training, users should be reminded of the importance of using bona fide wi-fi networks and vpns when accessing the internet in public places or whatever their it security policy deems safe.
|
|
|
|
|
|
|
