P2L1 Flashcards

1
Q

types of malware

A
  • needs a host program (trap doors, logic bombs, trojans, viruses, plugins/extensions/scripts)
  • independent (worms, botnets, APTs - advanced persistent threats)
2
Q

trapdoor

A
  • backdoor into the program, known only to the programmer and the hacker
  • typically works by recognizing some special sequence of input
3
Q

logic bomb

A

embedded in a legitimate program; activates when some condition is met

4
Q

trojan

A

hidden in a host program, and executes when the host executes

5
Q

virus

A
  • infects a program by modifying it
  • copies itself into other programs to spread

6
Q

4 stages of a virus

A
  • dormant
  • propagation
  • trigger
  • execution
7
Q

dormant phase

A

program is infected, but the virus has not executed yet

8
Q

propagation phase

A

the virus is spreading to other programs

9
Q

trigger phase

A

running the host triggers the virus (e.g. clicking an email attachment)

10
Q

execution phase

A

the virus executes, then looks for other hosts to spread to

11
Q

spy on someone

A

trojan

12
Q

cripple a computer

A

logic bomb

13
Q

quickly spread

A

virus

14
Q

virus structure

A
  • first line: jump to the main routine of the virus
  • second line: tag (marks whether the program is infected or not)
  • main: find and infect other programs, do some damage, then jump to the first line of the host so it does its normal work
  • avoid detection: compress the host, and decompress it before it runs
15
Q

parasitic virus

A

scans for and infects programs

16
Q

memory-resident virus

A

infects running programs

17
Q

macro virus

A

embedded in documents

18
Q

boot sector virus

A
  • runs/spreads when the system boots
  • loads into the boot sector, moves the bootstrap loader from the boot sector to some other location, and points to it after doing its damage
19
Q

polymorphic virus

A

encrypts part of the virus using a random key

20
Q

does the boot sector always run first?

A

true

21
Q

how does a macro virus spread?

A
  • copies itself to the global macro
  • activates and spreads whenever a document is opened

22
Q

which virus infects the OS?

A

memory resident virus

23
Q

can a rootkit hide from the user?

A

yes, by intercepting OS activities

24
Q

how does a worm spread?

A

uses network connections

25
Q

4 generations of antivirus

A
  • simple scanners
  • heuristic scanners
  • activity traps
  • full-feature analysis
26
Q

simple scanners

A

use signatures of known viruses

27
Q

heuristic scanners

A

use integrity checking (checksums)

28
Q

activity traps

A

based on knowledge of malware activities

29
Q

full-feature analysis

A

host-based, network-based, sandboxing-based