Malicious and Mobile Code (Lesson 9)

Question 1

Time(logic) bomb

Answer 1

a program that is set to execute it’s payload upon a certain condition being met.

Question 2

Worm

Answer 2

Does not need to attach itself to another program to reproduce, attempts to gain access to other systems on a network and then copies itself to these new systems

Question 3

Viruses

Answer 3

a program that reproduces by attaching copies of itself to other programs, often carries a malicious “payload”

Question 4

Trojan horses

Answer 4

A program that appears to do one thing (and may indeed do it) but that hides something else.

Question 5

Program Infector Viruses

Answer 5

Contaminates files that contain computer code, especially .EXE and .COM files but also .SYS and .DLL.
About 85% of viruses (at one time) were program viruses.

Question 6

Boot Viruses

Answer 6

Computer operating systems typically set aside a portion of each disk for code to boot the computer. Under DOS, this section is called a boot sector on floppies or a master boot record (MBR) for hard disks. 
Boot Viruses (or System infectors) store themselves in this area and hence are invoked whenever the disk is used to boot the system.

Question 7

Macro Viruses

Answer 7

Manifested in an auto-exec macro embedded in document files of applications with a macro capability
-e.g. word processors, spreadsheets
First one detected was the Concept virus that infected Microsoft Word document files.
-Detected in July 1995, by the fall it was the most frequently reported virus.
Since the Concept virus, numerous macro viruses have been created.

Question 8

Detection of and Protection against Viruses

Answer 8

Usually you won’t know until something bad happens.
Don’t run programs you can’t trust.
-Shrinkwrap is not always a guarantee
Install a virus checking program
update it frequently
Backup, backup, backup

Question 9

Who does time/logic bombs most often?

Answer 9

Insiders