Chapter 8: Trojans, Viruses, Worms, & Covert Channels Flashcards
Covert channels
A path used to transmit info in a way that is supposed to be impossible, or that uses a process in a way it was not intended to be used
Malware & the Law (3)
THE COMPUTER FRAUD & ABUSE ACT - addresses federal computer-related offenses
THE PATRIOT ACT - penalties of up to 10 years for a 1st offense & 20 years for a 2nd offense; damage to multiple systems is assessed over the course of a year to determine whether the total exceeds $5000
CAN-SPAM ACT - designed to stop spam
VIRUSES
- self-replicating application that attaches itself to executables; typically requires user action to initiate its infectious activity
Sheep dip system
used to investigate, analyze & defend against malware; it is a computer specifically configured to analyze files; the computer is stripped down & includes only those services & apps needed to test the SW
OVERT CHANNELS
communication path or channel used to send info or perform other actions; HTTP and TCP/IP are examples of channels used to send info
Using BO2K
used to install a server on the victim’s computer to gain access
the BO2K executable needs to be run on the target system; the application runs an executable called Umgr32.exe, which may be masked as a different process in Task Manager; if stealth was not configured, the app appears as Remote Administration Service
WRAPPER
- takes a payload & merges it with a harmless executable
Polymorphic Virus
rewrites itself & hides its payload
Sparse infector virus
infects files selectively
WORMS
- successor to viruses; entirely self-replicating & spreads quickly; does not need any action performed by the user; can spread across NWs, crashing routers & consuming bandwidth & resources
TROJAN HORSES
- provides covert access to a system while looking harmless; goals are similar to those of a worm & a virus, but info is transmitted out & it is more stealthy
ROOTKITS
- hides within the core components of a system; very difficult to detect
SPYWARE
- collects & forwards info about a system or a user’s activities in a stealthy manner; the most common type is the keylogger
ADWARE
- replaces homepages in browsers, places pop-up ads, or installs items on a system to advertise a product or service
SYSTEM/BOOT SECTOR VIRUS
- code placed in the MBR (master boot record); the boot seq. is altered; can make the HD appear undetected, etc.