Comp Security- Week 5B

Question 1

What is a malware?

Answer 1

A malware is a malicious software that needs to be executed in order to cause harm

Question 2

How can a malware get executed?

Answer 2

User action or exploting an existing flaw in a system

Question 3

How can malware get executed using user action?

Answer 3

Downloading and running malware
Viewing a website that contains malware
Opening an executable email attachment
Inserting cd/usb

Question 4

How can malware get executed by exploiting a flaw in system

Answer 4

buffer overflow in network, buffer overflows in email clients or web browser

Question 5

What are the 9 types of malware?

Answer 5

Viruses, trojan horses, logic bombs
Worms, backdoors, spyware
Rootkits, botnets, ransomware

Question 6

What is a virus?

Answer 6

A piece of malware that replicates itself into other programs

Question 7

How can a virus spread between files or computers?

Answer 7

When the file is executed/opened the virus activates and tries to infect other files with copies of itself

Question 8

Virus infection:

Answer 8

to modify an existing non malicious program/document in a way that just execution or opening it will transfer control to virus
by adding its code to the original code

Question 9

A virus often tries to infect the computer itself so every time the computer is booted the virus is activated by..

Answer 9

put itself in boot sector of hard disk
add itself to list of program os runs in boot time

Question 10

How does a virus usually spread?

Answer 10

Through infected files or p2p networks (ex bittorent)

Question 11

A virus requires __ to spread to another machine

Answer 11

User interaction

Question 12

A virus has some sort of payload its meant to do and when it activates what can happen?

Answer 12

A payload is what a virus is meant to do
When it activates it van erase hard drive, corrupt spread sheets, install key stroker, attack a website etc.

Question 13

What is a polymorphic virus?

Answer 13

Instead of making perfect copies of itself every time it infects a new file or host it makes a modified copy instead. Often done by having most of the virus code encrypted

Question 14

What is a trojan / trojan horse?

Answer 14

A malicious code hidden in an apparently useful host program and when it is executed the trojan does something harmful or unwanted.
User must be tricked into executing host program

Question 15

What is a logic bomb?

Answer 15

A malicious code hiding in software already waiting for a certain trigger to “go off” so it can execute its payload
Its usually written by insiders
Payload is dire- erase or corrupt data

Question 16

What is a worm?

Answer 16

A self contained piece of code that can replicate with little to no user involvement

Question 17

How do worms infect?

Answer 17

Use security flaws as a path to infection
1. Exploits security flaw in some software on computer
2. Searches for other computers (on local network or internet) to infect
3. May or may not be payload that activates at certain time or by trigger

Question 18

Worm vs. virus

Answer 18

The difference is in the way its spread
Virus: needs user involvement, spread by email, airdrop, usb etc.
Worm: No/ little user involvement needed

Question 19

“Wannacry” ransomware

Answer 19

Holds your computer hostage until you pay a ransom
Once it infects computer it encrypts all the data and you must pay a fee to get access back
Spread through standard file sharing technology server message block (smb)