P2L1 Malicious Software Flashcards

1
Q

Types of malware: Needs a Host

A

trap doors, logic bombs, trojan horses, viruses, browser plug-ins, extensions, scripts

2
Q

Types of malware: Independent

A

Worms, botnets, APT

3
Q

Trap doors (or back doors)

A

Secret entry point to a program or system

4
Q

Logic bomb

A

Embedded in some legitimate program

5
Q

Trojan Horses

A

Hidden in an apparently useful host program

6
Q

Virus

A

Infects a program by modifying it. Can self-copy.

7
Q

4 Stages of a Virus

A

  • Dormant phase: program is infected, but the virus has not been triggered
  • Propagation phase: the virus is being spread
  • Triggering phase: when the host program is run, the virus is run
  • Execution phase: the virus runs and performs malicious activities (and also looks to spread)

8
Q

Email attachment that, when opened, is sent to everyone in the address book

A

virus

9
Q

Keyboard app that logs user input and sends it to the attacker

A

trojan horse

10
Q

Part of a program will only run if the computer is at the user's home.

A

Logic bomb

11
Q

A login program with an undocumented option

A

trapdoor

12
Q

Virus Structure

A

Virus code has to be physically inserted into the program code. The virus code runs first, then the original program. The virus code may run last, too, to do any clean-up. The program needs to run cleanly to avoid detection.

13
Q

Types of viruses

A

Parasitic virus: scans for and infects programs
Memory-resident virus: infects running programs
Boot sector virus: runs when the system is booted
Macro virus: executable program embedded in a word-processing document; triggered when the document is opened
Polymorphic virus: encrypts part of the virus program using a randomly generated key

14
Q

T/F: Any virus can be polymorphic

A

True

15
Q

Rootkit

A

Resides in the OS. Modifies OS code and data structures. Can hide itself by manipulating the functions that list directory contents.

16
Q

T/F: Linux, iOS, Windows, and Android have all been infected by rootkits

A

True

17
Q

Rootkit facts

A

  • All OSes can be affected
  • Can modify hidden and read-only files
  • Can spread in any form
  • Cannot remain in memory after a reboot, but since it is part of the OS, it will return when the OS is restarted
  • Rootkits cannot affect hardware (HW) that does not have firmware (FW)
  • Rootkits are always malevolent

18
Q

Worms

A

Use network connections to spread from system to system.

19
Q

Malware Prevention and Detection

A

Prevention: limit contact with the outside world
Detection/identification
Removal

Prevention hampers productivity, so detection is preferred.

20
Q

4 Generations of anti-virus software

A

Simple scanners: use signatures of known viruses. Not effective against polymorphic viruses.
Heuristic scanners: integrity checking (checksums). Can be defeated by compressing the file so that it has the same size as the pre-infection file.
Activity traps: look for specific activities that malware performs. Not effective against newer malware.
Full-featured analysis: state of the art. Host-based, network-based, and sandbox-based.

21
Q

Why are signature-based anti-virus solutions still used?

A

  • Efficient
  • Effective against known malware
  • Good first line of defense