Chapter 8: Trojans, Viruses, Worms, & Covert Channels Flashcards

1
Q

Covert channels

A

a path used to transmit information in a way that is supposed to be impossible, or that uses a process or protocol in a way it was not intended to be used (e.g. hiding data in unused packet header fields or in packet timing); contrast with an overt channel
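
Added example (not part of the original card set): a storage covert channel that hides one byte of a secret in the top byte of each TCP SYN's Initial Sequence Number, plus the detection heuristic a defender would run against it. The packet headers, the message and the "honest" control traffic are all constructed inline; the function names are this example's own.

```python
import random
import struct

TCP_HDR = "!HHIIHHHH"   # src port, dst port, seq, ack, offset/flags, window, checksum, urgent

def build_syn(isn, src_port=40000, dst_port=80):
    """Minimal 20-byte TCP SYN header (no options, checksum left zero) carrying the given ISN."""
    offset_flags = (5 << 12) | 0x02          # 5 words of header, SYN flag set
    return struct.pack(TCP_HDR, src_port, dst_port, isn, 0, offset_flags, 65535, 0, 0)

def isn_of(pkt):
    """Read the sequence number back out of a raw TCP header."""
    return struct.unpack(TCP_HDR, pkt[:20])[2]

def encode_message(message, rng):
    """Sender: one SYN per secret byte; the byte sits in the high 8 bits of the ISN,
    the low 24 bits are random so the value still looks like an ordinary ISN."""
    return [build_syn((b << 24) | rng.getrandbits(24)) for b in message]

def decode_message(packets):
    """Receiver: the top byte of every ISN is the next byte of the secret."""
    return bytes(isn_of(p) >> 24 for p in packets)

def honest_syns(n, rng):
    """Constructed control traffic: SYNs with uniformly random ISNs (assumed model
    of a normal stack; real ISN generators are hashed clocks, but the top byte
    still varies across the whole range)."""
    return [build_syn(rng.getrandbits(32)) for _ in range(n)]

def printable_isn_ratio(packets):
    """Detection heuristic: fraction of SYNs whose top ISN byte is printable ASCII.
    Random ISNs land near 95/256 (about 0.37); an ASCII covert channel gives 1.0."""
    if not packets:
        return 0.0
    hits = sum(1 for p in packets if 0x20 <= (isn_of(p) >> 24) <= 0x7E)
    return hits / len(packets)

def demo():
    """Run the channel end to end with fixed seeds.
    Returns (decoded_secret, covert_ratio, honest_ratio)."""
    covert = encode_message(b"attack at dawn", random.Random(1))
    honest = honest_syns(200, random.Random(2))
    return decode_message(covert), printable_isn_ratio(covert), printable_isn_ratio(honest)

if __name__ == "__main__":
    print(demo())
```

The point of the detector is that a covert channel leaves the protocol syntactically valid, so you cannot match on "bad packets"; you have to compare a field's statistics against a baseline for the same host or stack. The printable-byte ratio is a cheap first pass and will false-positive on stacks with odd ISN generators, so treat it as a triage signal, not a verdict.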

2
Q

Malware & the Law (3)

A

THE COMPUTER FRAUD & ABUSE ACT - addresses federal computer-related offenses (unauthorized access to, and damage of, protected computers)

THE PATRIOT ACT - raised penalties to up to 10 years for a 1st offense and 20 years for a 2nd offense; damage to multiple systems over the course of a year is aggregated to determine whether it exceeds the $5,000 threshold

CAN-SPAM ACT - designed to stop spam; sets requirements and penalties for unsolicited commercial email

3
Q

VIRUSES

A
  • self-replicating code that attaches itself to executables (or other host files); typically needs a user action, such as running the infected program, to start its infection routine
4
Q

Sheep dip system

A

a computer used to investigate, analyze and defend against malware; it is specifically configured to analyze files (e.g. media brought in from outside) before they reach the production network. The computer is stripped down, isolated from production, and includes only those services and applications needed to test the software

5
Q

OVERT CHANNELS

A

a communication path or channel used to send information or perform other actions in the way it was designed to be used; HTTP and TCP/IP are examples of overt channels for sending information

6
Q

Using BO2K

A

Back Orifice 2000: the attacker configures a server component and installs that server on the victim's computer to gain remote access

The BO2K server executable needs to be run on the target system; it runs as an executable called Umgr32.exe, which may be masked as a different process in Task Manager; if stealth was not configured, the app appears as Remote Administration Service

7
Q

WRAPPER

A
  • takes a payload (e.g. a Trojan) and merges it with a harmless executable, so that launching the harmless-looking program also runs the payload
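
Added example (not from the original cards): the simplest binder layout appends the payload after the last section of the host executable, where nothing in the PE section table accounts for it. The check below, as an analyst would write it, builds a constructed minimal PE (headers laid out as a real PE's are, but not loadable), "wraps" a constructed payload onto it, and reports the overlay. All names and the host/payload bytes are this example's own.

```python
import struct

HEADERS_END = 0x200          # headers padded to the first file-alignment boundary
SECTION_RAW = 0x200          # raw size of the single .text section

def build_minimal_pe(code: bytes) -> bytes:
    """Constructed stand-in for a 'harmless executable': MZ stub, PE signature,
    COFF header, an all-zero optional header and one .text section."""
    raw = code.ljust(SECTION_RAW, b"\0")
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section, opt hdr 0xE0
    opt = bytes(0xE0)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(raw), HEADERS_END, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + sect
    return headers.ljust(HEADERS_END, b"\0") + raw

def wrap(host: bytes, payload: bytes) -> bytes:
    """Model of a wrapper/binder: the payload is glued on after the host's last
    section. The host's headers never reference these bytes."""
    return host + payload

def pe_overlay(data: bytes):
    """Return (end_of_last_section, overlay_bytes). A non-empty overlay means the
    file carries data past everything the section table describes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                               # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        end = max(end, raw_ptr + raw_size)
    return end, data[end:]

def overlay_is_pe(overlay: bytes) -> bool:
    """Binders often drop a whole second executable into the overlay."""
    return overlay[:2] == b"MZ"

if __name__ == "__main__":
    clean = build_minimal_pe(b"\xC3" * 16)
    print(pe_overlay(clean))                         # (1024, b'')
    print(pe_overlay(wrap(clean, b"constructed-payload")))
```

Caveat: an overlay is not proof of a wrapper. Authenticode signatures, self-extracting installers and some packers legitimately store data there, so compare the overlay against a known-good copy of the program and look at what it contains (an embedded MZ header is far more interesting than a certificate table) before calling it.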
8
Q

Polymorphic Virus

A

rewrites itself (including its decryption routine) on each infection so that no two copies share a fixed byte signature; hides its payload by keeping it encrypted until run

9
Q

Sparse infector virus

A

infects files selectively (e.g. only every nth file, or only files of a certain size) to slow its spread and reduce the chance of detection

10
Q

WORMS

A
  • successor to viruses; entirely self-replicating and fast, needs no action by the user, spreads across networks on its own (typically by exploiting vulnerable network services), and can crash routers and consume bandwidth and resources
11
Q

TROJAN HORSES

A
  • provides covert access to a system while looking harmless (disguised as legitimate software); goals are similar to those of a worm or virus, but a Trojan does not self-replicate, is typically used to transmit information back to the attacker, and is more stealthy
12
Q

ROOTKITS

A
  • hide within the core components of a system (kernel, drivers, boot code) and subvert the OS's own reporting, so they are very difficult to detect from inside the infected system
13
Q

SPYWARE

A
  • collects and forwards information about a system or a user's activities in a stealthy manner; the most common type is the keylogger
14
Q

ADWARE

A
  • replaces the browser home page, places pop-up ads, or installs items on a system to advertise a product or service
15
Q

SYSTEM/BOOT SECTOR VIRUS

A
  • places its code in the MBR (master boot record) or volume boot sector so it runs before the OS loads; the boot sequence is altered, and it can make the hard disk undetectable to the system, unbootable, etc.
16
Q

MACRO VIRUSES

A
  • takes advantage of the scripting languages embedded in documents (Word, Excel, etc.); designed to hide in those files and change configurations (e.g. templates) so it spreads to other documents
17
Q

CLUSTER VIRUSES

A

This virus alters the file-allocation table on a storage device, causing file entries to point to the virus instead of the real file. In practice, this means that when a user runs a given application, the virus runs before the system executes the actual file.

18
Q

STEALTH/TUNNELING VIRUS

A

designed to employ various mechanisms to evade detection systems. Stealth viruses employ unique techniques including intercepting calls from the OS and returning bogus or invalid responses that are designed to fool or mislead (e.g. reporting the original, uninfected file size).

19
Q

ENCRYPTION VIRUSES

A

uses an encryption algorithm to encrypt and decrypt the virus body multiple times as it replicates and infects. Each time the infection process occurs, a new encryption pass takes place with a different key, making it difficult for antivirus software to detect the problem by signature. The decryption routine itself stays constant, which is what distinguishes an encryption virus from a polymorphic one.

20
Q

CAVITY/FILE-OVERWRITING VIRUSES

A
  • hides in unused or empty space inside a host file (e.g. null-padded regions) without changing the file's size or appearance
21
Q

SPARSE-INFECTOR VIRUSES

A
  • avoids detection by carrying out infectious actions only sporadically (e.g. every nth execution) or only on files of a certain length or type
22
Q

COMPANION/CAMOUFLAGE VIRUS

A
  • uses a file with the same name as a legitimate program but a different extension that the shell resolves first (e.g. if you type program to run program.exe, the virus has created program.com, which is found and executed instead)
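
Added example (not part of the original cards): Windows resolves a bare command name by trying, within each PATH directory, the extensions listed in PATHEXT in order, and the default list starts .COM;.EXE;.BAT;.CMD. The code below models that resolution and adds the triage check an analyst runs for companion infections: base names that exist with more than one executable extension. It only inspects a constructed temporary directory, so it runs on any OS; names and functions are this example's own.

```python
import os
import tempfile
from pathlib import Path

# Leading entries of the Windows default PATHEXT, in resolution order.
DEFAULT_PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]

def resolve_command(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Model of how the shell picks a file for a bare command name: directories in
    PATH order, and within one directory, PATHEXT order (case-insensitive)."""
    for d in search_dirs:
        try:
            entries = {e.lower(): e for e in os.listdir(d)}
        except OSError:
            continue
        for ext in pathext:
            hit = entries.get((name + ext).lower())
            if hit is not None:
                return os.path.join(d, hit)
    return None

def find_companions(directory, pathext=DEFAULT_PATHEXT):
    """Triage check: base names present with more than one PATHEXT extension.
    Returns {base: [extensions in the order the shell would try them]}."""
    seen = {}
    for e in os.listdir(directory):
        base, ext = os.path.splitext(e)
        if ext.upper() in pathext:
            seen.setdefault(base.lower(), []).append(ext.upper())
    return {base: sorted(exts, key=pathext.index)
            for base, exts in seen.items() if len(exts) > 1}

def demo():
    """Constructed directory: program.exe alone, then a companion program.com beside it.
    Returns (resolved_before, resolved_after, companion_report)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "program.exe").write_bytes(b"MZ constructed legitimate program")
        before = os.path.basename(resolve_command("program", [d]))
        Path(d, "program.com").write_bytes(b"constructed companion file")
        after = os.path.basename(resolve_command("program", [d]))
        return before, after, find_companions(d)

if __name__ == "__main__":
    print(demo())   # ('program.exe', 'program.com', {'program': ['.COM', '.EXE']})
```

Two caveats when using the check on a real system: some legitimate tools do ship both a .com and an .exe of the same name, so a hit needs a look at the .com's contents and signature rather than automatic quarantine; and the trick only works when the program is launched by bare name, so an invocation that spells out program.exe is unaffected.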
23
Q

LOGIC BOMB

A

designed to lie in wait until a predetermined event or action occurs. When this event occurs, the bomb or payload detonates and carries out its intended or designed action. Logic bombs have been notoriously difficult to detect because they do not look harmful until they are activated, and by then it may be too late. In many cases, the bomb is separated into two parts: the payload and the trigger. Neither looks all that dangerous until the predetermined event occurs.

24
Q

FILE/MULTIPARTITE VIRUS

A

infect systems in multiple ways using multiple attack vectors, hence the term multipartite. Attack targets include the boot sector and executable files on the hard drive. What makes such viruses dangerous and powerful weapons is that to stop them, you must remove all of their parts. If any part of the virus is not eradicated from the infected system, it can reinfect the system.

25
Q

SHELL VIRUSES

A

are another type of virus, where the software infects the target application and alters it: the virus wraps the original program, turning it into a subroutine that runs only after the virus itself has run.

26
Q

CRYPTOVIRUSES

A

hunt for files or certain types of data on a system and then encrypt them. The victim is then instructed to contact the virus creator via a special email address or other means and pay a specified amount (ransom) for the key to unlock the files. Today this class is usually called ransomware.