Module 7 - Malware Threats Flashcards
Malware Concepts:
Is a malicious software that damages or disables computer systems and gives limited or full control of the systems to the malware creator for the purpose of theft or fraud.
a. Spyware
b. Underwear
c. Adware
d. Malware
d. Malware
Malware Concepts:
A malicious code that breaches the system security via software vulnerabilities to access information or install malware.
a. Crypter
b. Downloader
c. Dropper
d. Exploit
e. Wrapper
f. Obfuscator
d. Exploit
Trojan Concepts:
- Binds a Trojan executable with genuine-looking .EXE applications such as games or office applications.
- When the user runs the .EXE, it first installs the Trojan in the background and then runs the application in the foreground.
- Attackers might send a birthday greeting that will install a Trojan as the user watches, for example, a birthday cake dancing across the screen.
a. Crypter
b. Downloader
c. Dropper
d. Exploit
e. Wrapper
f. Obfuscator
e. Wrapper
Trojan Concepts:
- This Trojan works like a remote desktop access.
- Hacker gains complete GUI access to the remote system.
a. Command Shell Trojans
b. Remote Access Trojans
c. Mobile Trojans
d. Covert Channel Trojans
e. Backdoor Trojans
b. Remote Access Trojans
Trojan Concepts:
- This Trojan presents various exploitation techniques, creating arbitrary data transfer channels in the data streams authorized by a network access control system.
- It enables attackers to get an external server shell from within the internal network and vice-versa.
a. Command Shell Trojans
b. Remote Access Trojans
c. Mobile Trojans
d. Covert Channel Trojans
e. Backdoor Trojans
d. Covert Channel Trojans
Virus and Worm Concepts:
Infect the system boot sector and the executable files at the same time.
a. Macro Viruses
b. Multipartite Viruses
c. Cluster Viruses
d. Stealth Viruses/Tunneling Viruses
b. Multipartite Viruses
Virus and Worm Concepts:
- Infect files created by Microsoft Word or Excel.
- Infect templates or convert infected documents into template files, while maintaining their appearance of ordinary document files.
a. Macro Viruses
b. Multipartite Viruses
c. Cluster Viruses
d. Stealth Viruses/Tunneling Viruses
a. Macro Viruses
Virus and Worm Concepts:
- These viruses evade the anti-virus software by intercepting its requests to the operating system.
- A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS.
a. Macro Viruses
b. Multipartite Viruses
c. Cluster Viruses
d. Stealth Viruses/Tunneling Viruses
d. Stealth Viruses/Tunneling Viruses
Virus and Worm Concepts:
- Is a code that mutates while keeping the original algorithm intact.
- A well-written ______ virus therefore has no parts that stay the same on each infection.
a. Polymorphic Viruses
b. Metamorphic Viruses
c. Logic Bomb Viruses
d. Companion/Camouflage Viruses
a. Polymorphic Viruses
Comments:
The hint here to solve the questions is: keeping the original algorithm.
Polymorphic virus -> encrypts itself with a variable encryption key so that each copy of the virus looks different (because it’s encrypted with a different key). Not all of the virus is encrypted, mind you, because the virus needs to decrypt itself in order to operate. As such, there is a decryption stub that remains unencrypted, and in the simplest polymorphic viruses this stub also remains constant (that part of it always looks the same), so it can be used to detect the presence of the virus. Further, because the virus has to decrypt itself in order to operate, and because the unencrypted form of the virus doesn’t change, AV products are often able to recognize the virus by emulating its execution for long enough that it will decrypt itself and then examining the result.
A metamorphic virus is one that can translate and rewrite its own code so that, once again, each copy of the virus looks different. Unlike polymorphic viruses, metamorphic viruses don’t really require a decryption stub because they aren’t encrypted. When the virus creates a new copy of itself, it translates its existing instructions into functionally equivalent instructions in a new code. As a result, no part of the virus remains constant and the virus is never returned to its original form during execution, which makes it more difficult for AV products to recognize.
Virus and Worm Concepts:
- Creates a companion file for each executable file the virus infects.
- May save itself as notepad.com and every time a user executes notepad.exe (good program), the computer will load notepad.com (virus) and infect the system.
a. Polymorphic Viruses
b. Metamorphic Viruses
c. Logic Bomb Viruses
d. Companion/Camouflage Viruses
d. Companion/Camouflage Viruses
Virus and Worm Concepts:
Is a virus that is triggered by a response to an event.
a. Polymorphic Viruses
b. Metamorphic Viruses
c. Logic Bomb Viruses
d. Companion/Camouflage Viruses
c. Logic Bomb Viruses
Virus and Worm Concepts:
- Replicates on its own.
- Malicious programs that replicate, execute, and spread across the network connections independently, consuming available computing resources without human interaction.
Worms
Malware Analysis:
Is a Windows built-in utility used for checking the integrity of files and tracking changes to them.
a. Tripwire File Integrity Manager
b. Verisys
c. Netwrix Auditor
d. SIGVERIF
d. SIGVERIF
Malware Analysis:
- Are parts of the Windows OS that allow external applications to access OS information such as file systems, threads, errors, registry, kernel, etc.
a. APIs (Application Programming Interfaces)
b. GFI LanGuard
c. Sonar
d. Nessus
a. APIs (Application Programming Interfaces)
Malware Penetration Testing:
Check the data files for modification or manipulation by opening several files and comparing the hash value of these files with a pre-computed hash using tools like: (Choose 2)
a. SIGVERIF
b. Solarwinds
c. SysAnalyzer
d. Tripwire
a. SIGVERIF
d. Tripwire