CompTIA Security+ Chapter 3


CompTIA Security+: SY0-601 Certification Exam

- CompTIA Security+ from SYBEX
- 17 Chapters
- 5 Domains

FIVE SECURITY+ OBJECTIVE DOMAINS (DOMAINS COVERED)
- 1.0 Threats, Attacks and Vulnerabilities: 24%
- 2.0 Architecture and Design: 21%
- 3.0 Implementation: 25%
- 4.0 Operations and Incident Response: 16%
- 5.0 Governance, Risk, and Compliance: 14%
Chapter 3 - Malicious Code

THE COMPTIA SECURITY+ EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE:
Domain 1.0: Threats, Attacks, and Vulnerabilities
- 1.2 Given a scenario, analyze potential indicators to determine the type of attack
- 1.4 Given a scenario, analyze potential indicators associated with network attacks
Understanding Malware: Types and Characteristics

- Malware definition: a wide range of software designed to cause harm or gather information.
- Malware encompasses various forms, including ransomware, Trojans, bots, and command-and-control infrastructures.
- This chapter delves into the diverse types of malware, exploring their distinguishing elements, behaviors, and traits.
Ransomware

- Definition: malware that takes over a computer and then demands a ransom, e.g. crypto malware, or threats of reporting or exposure.
- Ransomware locks your files and demands money.
- To fight it:
  - back up your files, and
  - know how to respond;
  - use anti-ransomware tools.
Trojans

- Trojans pretend to be good software but let attackers in.
- It's tough to tell legitimate tools from bad ones sometimes.
- RATs (Remote Access Trojans) provide attackers with remote access to the systems.
- To fight it:
  - Security awareness: don't download untrusted software!
  - Antimalware tools
Worms

- Worms spread themselves via attacks on vulnerable services, e.g. email attachments, network file shares, etc.
- Worms self-install.
- Stuxnet (2010): the first implementation of a worm as a cyber weapon system; it targeted the Iranian nuclear program.

Precautions:
- Be careful with email attachments and links.
- Avoid clicking pop-up ads.
- Keep software updated.
- Update passwords regularly.
- Use a VPN for torrenting.
- Encrypt your files for protection.
- Strong, updated antivirus: detect, remove, and prevent all types of malware.
How to Remove a Computer Worm

- Isolate the infected device.
- Assess the extent of the spread.
- Remove the worm.
- Utilize a specialized worm-removal tool if necessary.
Rootkits

- Rootkits let attackers sneak into your system and hide.
  - Provide attackers with backdoor access
  - Stealthy; use various concealment techniques
  - Detection is challenging; a trusted system is needed
  - Removal often requires a system rebuild or restoration
- Detecting and removing them is tricky; often, you need to restore from a safe backup.
- To fight it, back up your files and know how to respond.
Backdoors

- Backdoors give attackers secret access without needing a password.
- Some are put in by manufacturers and are hard to spot.
- They bypass normal authentication and grant unauthorized access.
- Software or hardware based; mostly software for the Security+ exam.
- Often part of malware infections (Trojans, rootkits).
- Detection: look for unexpected listening ports; more complex tools leverage existing services.
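The "unexpected ports" check above, as an added Python example that is not from the slides: it parses listening sockets in the format of `ss -ltnp` output (the sample output, the baseline of expected port/process pairs and the process names are constructed assumptions) and flags both ports absent from the baseline and baseline ports served by the wrong process, which is how a backdoor riding on an existing service would show up.

```python
import re

# Expected listeners on this host, port -> process name. Constructed for the
# example; in practice the baseline comes from a known-good build of the host.
BASELINE = {22: "sshd", 80: "nginx", 443: "nginx"}

# One line of `ss -ltnp` output (assumed format): state, queues, local addr:port,
# peer addr:port, then users:(("proc",pid=N,fd=M)). Greedy \S+ keeps [::] intact.
SS_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
                   r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)')


def parse_ss(output):
    """Return one dict per listening socket; header and unparsable lines are skipped."""
    listeners = []
    for line in output.splitlines():
        m = SS_RE.match(line.strip())
        if m:
            listeners.append({"addr": m.group("addr"), "port": int(m.group("port")),
                              "proc": m.group("proc"), "pid": int(m.group("pid"))})
    return listeners


def audit_listeners(listeners, baseline=BASELINE):
    """Flag ports absent from the baseline (a possible backdoor listener) and
    baseline ports served by the wrong process (a backdoor riding on an
    existing service's port). Returns (finding, port, process) tuples."""
    findings = []
    for sock in listeners:
        expected = baseline.get(sock["port"])
        if expected is None:
            findings.append(("unexpected_port", sock["port"], sock["proc"]))
        elif sock["proc"] != expected:
            findings.append(("unexpected_process", sock["port"], sock["proc"]))
    return findings


# Constructed sample output, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1201,fd=7))
LISTEN 0      128    0.0.0.0:8443        0.0.0.0:*         users:(("svchelper",pid=3070,fd=4))
LISTEN 0      128    [::]:80             [::]:*            users:(("python3",pid=3311,fd=3))
"""

if __name__ == "__main__":
    for finding in audit_listeners(parse_ss(SAMPLE_SS)):
        print(*finding)
```

Because a rootkit can hide sockets from host tools, compare this host-side view against an external port scan of the same machine; a port visible from outside but missing here is itself a finding.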


Bots and Botnets

- Bots are infected computers controlled by hackers.
- They form botnets, which can do a lot of damage.
- Command and control servers are like the headquarters of a botnet.
- They help attackers control the botnet and carry out various attacks.
- Infected systems/devices controlled remotely (bots).
- Groups of bots form botnets, which attackers use for various purposes.
- Uses: denial-of-service attacks, spam relays, further compromises.
- Example: client-server C&C system model.
Command and Control Servers (C&C)

- C&C servers are where attackers manage their botnets.
- They can do lots of things, like stealing data, launching big cyberattacks, and updating malware.
- Advanced C&C tools let attackers do a range of things.
- They can steal data, launch big attacks, and change tactics if defenders try to stop them.
Client-server botnet control model

Taking down the domain name is the best way to defeat a fast-flux DNS-based botnet or malware, but not every DNS registrar is helpful when a complaint is made.
Understanding Botnets and DDoS Attacks

Botnets are networks of infected computers used for attacks.
One common use is launching Distributed Denial-of-Service (DDoS) attacks.
A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable.
How Botnets Work

- Botnets overwhelm services with a large number of infected computers.
- It's hard to spot which computers are causing trouble because they look normal.
- To fight it, back up your files and know how to respond.
Detecting DDoS Attacks

- Monitoring network traffic helps spot DDoS attacks.
- Tools like SIEM systems and behaviour analysis can help identify unusual patterns.
- To fight it, back up your files and know how to respond.
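The behaviour-analysis idea above, as an added Python example that is not from the slides: it buckets web-server access-log requests into fixed time windows, flags a window whose request rate exceeds a threshold, and labels the flood "ddos" when many distinct sources contribute (the botnet pattern from the previous slide) or "dos" when a single host dominates. The log lines, documentation IP ranges and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, ident, user, [timestamp], "request"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, aware datetime) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_flood(lines, window_s=10, max_rps=20, min_sources=10):
    """Bucket requests into fixed windows and flag any window whose rate
    exceeds max_rps. A flood fed by >= min_sources distinct IPs is 'ddos';
    one dominated by a single host is 'dos'. Thresholds are assumptions."""
    buckets = defaultdict(lambda: defaultdict(int))  # window -> ip -> count
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage instead of crashing the detector
        ip, ts = parsed
        buckets[int(ts.timestamp()) // window_s][ip] += 1
    alerts = []
    for window in sorted(buckets):
        per_ip = buckets[window]
        total = sum(per_ip.values())
        if total / window_s <= max_rps:
            continue
        alerts.append({"window_start": window * window_s, "requests": total,
                       "sources": len(per_ip), "top_source": max(per_ip, key=per_ip.get),
                       "kind": "ddos" if len(per_ip) >= min_sources else "dos"})
    return alerts


def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic:
    a quiet window, a 30-host flood, then a single noisy host."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.5", sec=s) for s in range(0, 10, 3)]
    for host in range(1, 31):  # 30 bots x 10 requests each in 13:55:10-19
        lines += [fmt.format(ip=f"198.51.100.{host}", sec=s) for s in range(10, 20)]
    lines += [fmt.format(ip="192.0.2.9", sec=20 + i % 10) for i in range(250)]
    return lines
```

The "ddos" alert is the case the slide describes as hard to spot by hand: no single source stands out, so only the aggregate rate and the source count reveal it; feed the same logic a SIEM's per-source counters to scale it beyond one log file.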


Keyloggers

Keyloggers capture keystrokes and other inputs.
Preventing them involves standard security practices and using multifactor authentication.

To fight it, back up your files and know how to respond.


Logic Bombs

Logic bombs are code that activates under certain conditions.
Though rare, they can cause significant damage if triggered.

To fight it, back up your files and know how to respond.


Computer Viruses

Viruses self-copy and spread through various means.
They come in different types, like memory-resident, boot sector, and email viruses.

To fight it, back up your files and know how to respond.


Conclusion

Understanding malware types helps in preventing and responding to attacks.
Stay informed and use best security practices to protect against threats.

To fight it, back up your files and know how to respond.


Exploring Advanced Malware and Threats

Fileless Viruses
Fileless viruses spread through methods like email and malicious websites.
Once inside a system, they hide in memory and can reinfect upon reboot.

Spyware
Spyware steals information from individuals or organizations.
It tracks browsing habits and software use, and can even access web cameras.
Potentially Unwanted Programs (PUPs)

PUPs are unwanted programs often installed without user knowledge.
They include adware and browser toolbars, and can be removed using antivirus tools.

To fight it, back up your files and know how to respond.


Malicious Code and Scripts

Malicious code includes scripts and custom-built code used by attackers.
They exploit common tools like PowerShell and macros in Office documents.

To fight it, back up your files and know how to respond.


Defenses Against Malicious Scripts

Defenses against PowerShell attacks include using Constrained Language Mode and enabling logging.
Educating users to avoid enabling macros on unknown documents helps prevent attacks.

To fight it, back up your files and know how to respond.
Adversarial Artificial Intelligence (AI)

Adversarial AI involves attackers using AI for malicious purposes.
It can manipulate data to deceive security algorithms or compromise privacy.

To fight it, back up your files and know how to respond.


Defending Against Adversarial AI

Protecting against adversarial AI requires understanding the quality of source data and reviewing AI algorithms.
Collaboration between security analysts and AI developers is essential for effective defense.

To fight it, back up your files and know how to respond.