P2L1: Malicious Software

Question 1

Types of malware: Needs a Host

Answer 1

trap doors, logic bombs, trojan horses, viruses, browser plug-ins, extensions, scripts

Question 2

Types of malware: Independent

Answer 2

Worms, botnets, APT

Question 3

Trap doors (or back doors)

Answer 3

Secret entry point to a program or system

Question 4

Logic bomb

Answer 4

Embedded in some legitimate program

Question 5

Trojan Horses

Answer 5

Hidden in an apparently useful host program

Question 6

Virus

Answer 6

Infect a program by modifying it. Can self copy

Question 7

4 Stages of a Virus

Answer 7

–Dormant phase: Program infected, but virus has not been triggered–Propagation phase: Virus is being spread–Triggering phase: When the host program is run, the virus is run.–Execution phase: When the virus runs and performs malicious activities. (also looks to spread)

Question 8

Email attachment that when opened will be sent to all people in address book

Answer 8

virus

Question 9

Keyboard app that logs user input and sends it to the attacker

Answer 9

trojan horse

Question 10

Part of a program will only run in the computer is at the user’s home.

Answer 10

Logic bomb

Question 11

A login program with an undocumented option

Answer 11

trapdoor

Question 12

Virus Structure

Answer 12

Virus code has to be physically inserted into the program code. The virus code runs first, then the original program. virus code may run last, too, to do any clean up. Program needs to run cleanly to avoid detection.

Question 13

Types of viruses

Answer 13

Parasitic virus: scan/infect programsMemory-resident virus: infect running programsBoot sector virus: Runs when the system is bootedMacro virus: executable program embedded in a word processing document; triggered when doc openedPolymorphic virus: encrypt part of the virus program using randomly generated key

Question 14

T/F: Any virus can be polymorphic

Answer 14

True

Question 15

Rootkit

Answer 15

Resides in OS. Modifies OS code and data structure. Can hide itself by manipulating functions that list directory contents.

Question 16

T/F: Linux, iOS, Windows, and Android have all been infected by rootkits

Answer 16

True

Question 17

Rootkit facts

Answer 17

–All OSes can be affected–Can modify hidden and read-only files–Can spread in any form–Cannot remain in memory after reboot, but since it is a part of the OS, it will return with the OS is restarted–Rootkits cannot affect HW that does not have FW–Rootkits are always malevolent

Question 18

Worms

Answer 18

Use network connections to spread from system to system.

Question 19

Malware Prevention and Detection

Answer 19

Prevention: Limit contact to outside worldDetection/IdentificationRemovalPrevention hampers productivity, so detection is preferred.

Question 20

4 Generations of anti-virus software

Answer 20

Simple scanners–use signatures of known viruses. not effective against polymorphic virusesHeuristic scanners–Integrity checking (checksum). Can be defeated by compressing file to have the same size as the pre-infection file.Activity traps: Look for specific activities that malware performs. Not effective against newer malware.Full-featured analysis: State of the art. Host-based, network-based, and sandbox-based.

Question 21

Why are signature-based anti-virus solutions still used?

Answer 21

–Efficient–Effective against known malware–good first line of defense