Chapter 6

Question 1

one of the most significant categories of threats to computer systems

Answer 1

malware/malicious software

Question 2

a program that is inserted into a system with the intent of compromising the confidentiality, integrity or availability of the victim’s data

Answer 2

malware

Question 3

infection of existing executable or interpreted content by viruses that is subsequently spread to other system

Answer 3

Propagation mechanism

Question 4

preformed by malware once it reaches a target system can include corruption

Answer 4

Payload action

Question 5

it includes a variety of propagation mechanisms and payload modules that even novices can combine,select and deploy

Answer 5

crimeware/toolkits

Question 6

is prominent, recent, example of such attack kit

Answer 6

Zeus crimeware

Question 7

is a piece of software that can infect other programs by modifying them

Answer 7

computer virus

Question 8

computer virus has three parts:

Answer 8

• Infection mechanism
• Trigger
• Payload

Question 9

the means by which a virus spreads or propagates, enabling it to replicate

Answer 9

Infection mechanism

Question 10

The event or condition that determine or delivered when the payload is activated

Answer 10

Trigger

Question 11

What the virus does, besides spreading.

Answer 11

Payload

Question 12

Four phases of typical virus

Answer 12

• Dormant phase
• Propagation phase
• Triggering phase
• Execution phase

Question 13

virus classification by target

Answer 13

• Boot sector infector
• File infector
• Macro virus
• Multipartite virus

Question 14

virus classification by concealment

Answer 14

• Encrypted virus
• Stealth virus
• polymorphic virus
• Metamorphic virus

Question 15

Creates copies during replication that are functionally equivalent but have distinctly different bit patterns

Answer 15

Polymorphic virus

Question 16

The portion of the virus that is responsible for generating keys and performing encryption/decryption is referred to as the _____

Answer 16

mutation engine

Question 17

is a program that actively seeks out more machines to infect, and then each infected machine serves as an automated launching pad for attacks on other machines

Answer 17

Worm

Question 18

Worm Replication

Answer 18

• Email or IM
• file sharing
• remote execution capability
• Remote file access or transfer capability
• Remote login capability

Question 19

• first fucntion in the propagation phase for a network worm

- searches for other systems to infect

Answer 19

Scanning/fingerprinting

Question 20

Scanning strategies that a worm can use

Answer 20

• Random
• Hit-list
• Topological
• Local Subnet

Question 21

• Well-known Worm infection

- it was designed to spread on UNIX systems and used a number of different techniques for propagation

Answer 21

The Morris worm

Question 22

NImda worm used variety of distribution methods:

Answer 22

• Email
• Windows shares
• Web Server
• Web clients
• Backdoors

Question 23

the state of the art in worm technology:

Answer 23

• Multiplatform
• Multi-exploit
• Ultrafast spreading
• Polymorphic
• Metamorphic
• Transport Vehicles
• Zero-day exploit

Question 24

this refers to programs that can be shipped unchanged to heterogeneous collection of platforms and execute with identical semantics

Answer 24

• Mobile code