P2L1 Malicious Software Flashcards
Types of malware: Needs a Host
trap doors, logic bombs, trojan horses, viruses, browser plug-ins, extensions, scripts
Types of malware: Independent
Worms, botnets, APT
Trap doors (or back doors)
Secret entry point to a program or system
Logic bomb
Embedded in some legitimate program
Trojan Horses
Hidden in an apparently useful host program
Virus
Infect a program by modifying it. Can self copy
4 Stages of a Virus
- -Dormant phase: Program infected, but virus has not been triggered
- -Propagation phase: Virus is being spread
- -Triggering phase: When the host program is run, the virus is run.
- -Execution phase: When the virus runs and performs malicious activities. (also looks to spread)
Email attachment that when opened will be sent to all people in address book
virus
Keyboard app that logs user input and sends it to the attacker
trojan horse
Part of a program will only run in the computer is at the user’s home.
Logic bomb
A login program with an undocumented option
trapdoor
Virus Structure
Virus code has to be physically inserted into the program code. The virus code runs first, then the original program. virus code may run last, too, to do any clean up. Program needs to run cleanly to avoid detection.
Types of viruses
Parasitic virus: scan/infect programs
Memory-resident virus: infect running programs
Boot sector virus: Runs when the system is booted
Macro virus: executable program embedded in a word processing document; triggered when doc opened
Polymorphic virus: encrypt part of the virus program using randomly generated key
T/F: Any virus can be polymorphic
True
Rootkit
Resides in OS. Modifies OS code and data structure. Can hide itself by manipulating functions that list directory contents.