Malware Flashcards

1
Q

What kinds of malware need a host program?

A
Trap Doors
Viruses
Trojan Horses
Logic Bombs
Browser extensions, plugins
2
Q

What kinds of malware do not need a host?

A

Worms
Botnets
APTs

3
Q

What is a trap door?

A

Contains a secret entry point that is activated by a special input or a specific user

4
Q

What is a logic bomb?

A

Malicious code embedded in the program that is set to go off when certain conditions are met

5
Q

What is a Trojan Horse?

A

Performs malicious activity while the host program is executing

Host program appears normal and doing what it is supposed to. Trojan does work in the background.

6
Q

What is a virus?

A

Malicious code that is spread by modifying an existing program
It searches for programs that are not yet infected, infects them, and uses them to spread further
Avoids detection by adjusting its own size once it has infected the host program

7
Q

What are the four stages of a virus?

A

Dormant
Propagation
Triggering
Execution

8
Q

Types of Viruses

A

Parasitic (scans for and infects programs)
Memory-resident (resides in memory only; disappears on reboot)
Boot sector (runs and spreads when the system is booted)
Polymorphic (encrypts part of the virus with a random key, altering how it looks)

9
Q

What is a rootkit?

A

Modifies OS code and data structures
Resides in the OS
Intercepts system calls to hide user-level malware

10
Q

What is an internet worm?

A

Uses network connections to spread
Causes resource exhaustion due to repeated infections
Exploits security flaws such as buffer overflows, trap doors, and password guessing to gain access
Can accept shell commands
Bootstraps itself onto the host machine and then fetches instructions
Hard to detect: loads in memory, encrypts itself, changes its name and process ID

11
Q

How do we prevent internet worms?

A

Prevention (limit connections to outside world via firewall)
Detection and identification
Removal

12
Q

What are the types of antivirus?

A

Simple scanners: check for signatures
Heuristic scanners
Activity traps: honeypots
Full featured analysis: sandboxes

13
Q

What is a reflected amplification attack?

A

A bot sends many requests to an NTP server with the source address spoofed to be the victim, so the server's replies flood the victim

14
Q

What is a botnet?

A

Network of bots controlled by an attacker to perform coordinated malicious activities
Needs a command and control (C2) channel to communicate

15
Q

What kind of attacks do botnets do?

A
Spam
Keylogging
Data/Identity Theft
DDoS attacks
Click fraud
Phishing and Pharming
16
Q

What is an APT?

A

Advanced Persistent Threat
Zero day exploit or a specially crafted malware
Operates in a low and slow manner
Multiple deliberate steps over time

17
Q

What are the two types of malware analysis?

A
Static analysis (what to do if malware executes)
Dynamic analysis (what to do when malware executes)
18
Q

What is packing in malware obfuscation?

A

When parts of the malware are compressed, encrypted, or transformed

Code to unpack is included in the executable