P2L1 Flashcards

1
Q

types of malware

A
  • needs a host program (trap doors, logic bombs, trojans, viruses, plugins/extensions/scripts)
  • independent (worms, botnets, APTs - advanced persistent threats)
2
Q

trapdoor

A
  • backdoor into the program, known only to the programmer and the hacker
  • typically works by recognizing some special sequence of input
3
Q

logic bomb

A

embedded in legitimate programs, activates when some conditions are met

4
Q

trojan

A

hidden in host program, and executes when the host executes

5
Q

virus

A
  • infects a program by changing it
  • copies itself into other programs to spread
6
Q

4 stages of virus

A
  • dormant
  • propagation
  • trigger
  • execution
7
Q

Dormant phase

A

program is infected, but the virus has not executed yet

8
Q

propagation phase

A

virus is spreading

9
Q

trigger phase

A

host runs and triggers the virus (e.g. clicking an email attachment)

10
Q

execution phase

A

virus executes, then looks for other hosts to spread to

11
Q

spy on someone

A

trojan

12
Q

cripple a computer

A

logic bomb

13
Q

quickly spread

A

virus

14
Q

virus structure

A
  • first line: jump to the main body of the virus
  • second line: tag (marks whether the program is infected or not)
  • main: find and infect other programs, do some damage, then jump to the first line of the host so it does its normal work
  • avoid detection: compress the host, decompress it before running
15
Q

parasitic virus

A

scans for and infects programs

16
Q

memory-resident virus

A

infects running programs

17
Q

macro virus

A

embedded in documents

18
Q

boot sector virus

A
  • runs/spreads when the system boots
  • loads in the boot sector, moves the bootstrap loader from the boot sector to some other location, and points to it after doing damage
19
Q

polymorphic virus

A

encrypts part of the virus using a random key

20
Q

boot sector always runs first?

21
Q

how does a macro virus spread?

A
  • copies itself to the global macro
  • activates and spreads whenever a document is opened
22
Q

which virus infects the OS?

A

memory resident virus

23
Q

Rootkit can hide from the user?

A

yes, by intercepting OS activities

24
Q

how does a worm spread?

A

uses network connections

25
Q

4 generations of antivirus

A
  • simple scanners
  • heuristic scanners
  • activity traps
  • full feature analysis

26
Q

simple scanners

A

use signatures of known viruses

27
Q

heuristic scanners

A

use integrity checking, checksums

28
Q

activity traps

A

based on knowledge of malware activities

29
Q

full feature analysis

A

host-based, network-based, sandboxing-based