Quiz (Malware) Flashcards
What is proactive security?
Prevents incidents before they happen.
What is reactive security?
Allows system defenders to identify and mitigate intrusions before they escalate.
Why is reactive security needed? (2 points)
- sophisticated and well-financed threat groups have demonstrated the ability to penetrate networks
- attacks take place over a period of many months
What is data provenance?
Describes the totality of system execution and facilitates causal analysis of system activities.
What is backward tracing?
Reconstructing the chain of events that led to an attack (from the observed symptom back to the root cause).
What is forward tracing?
Determining the ramifications of the attack (from the root cause forward to everything it affected).
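Backward and forward tracing over a provenance graph, as an added example (not part of the original flashcards). The audit records, process names, file paths and the remote endpoint are all constructed for the illustration; the graph model (write/spawn edges from a process to its object, read/exec edges from a file to the process, connect edges in both directions) is an assumption of this example, and the timestamp check is what keeps unrelated activity out of a trace.

```python
from collections import defaultdict, deque

# Constructed audit records for the example: (time, subject, action, object).
# Subjects are processes; objects are files, child processes or remote
# endpoints.  None of this is real telemetry.
EVENTS = [
    (1, "outlook.exe", "write", "/tmp/invoice.docm"),
    (2, "outlook.exe", "spawn", "winword.exe"),
    (3, "winword.exe", "read", "/tmp/invoice.docm"),
    (4, "winword.exe", "spawn", "powershell.exe"),
    (5, "powershell.exe", "connect", "203.0.113.7:443"),
    (6, "powershell.exe", "write", "/tmp/stage2.exe"),
    (7, "powershell.exe", "spawn", "stage2.exe"),
    (8, "stage2.exe", "exec", "/tmp/stage2.exe"),
    (9, "stage2.exe", "read", "/home/alice/secrets.txt"),
    (10, "stage2.exe", "connect", "203.0.113.7:443"),
    (11, "explorer.exe", "read", "/home/alice/notes.txt"),  # unrelated noise
]


def build_graph(events):
    """Build timestamped information-flow edges src -> dst ("dst depends on src").

    write/spawn: process -> file or child; read/exec: file -> process;
    connect: both directions, since data can flow either way over a socket.
    Returns (forward, backward) adjacency maps of (node, time) lists.
    """
    forward, backward = defaultdict(list), defaultdict(list)

    def add(src, dst, ts):
        forward[src].append((dst, ts))
        backward[dst].append((src, ts))

    for ts, subj, action, obj in events:
        if action in ("write", "spawn"):
            add(subj, obj, ts)
        elif action in ("read", "exec"):
            add(obj, subj, ts)
        elif action == "connect":
            add(subj, obj, ts)
            add(obj, subj, ts)
    return forward, backward


def backward_trace(backward, symptom, at_time):
    """Nodes that could have causally led to `symptom` as observed at `at_time`.

    An edge into a node is followed only if it happened no later than the
    time that node was reached; that is what excludes the explorer.exe event.
    """
    latest = {symptom: at_time}  # latest time each node could have mattered
    queue = deque([symptom])
    while queue:
        node = queue.popleft()
        for src, ts in backward.get(node, []):
            if ts <= latest[node] and latest.get(src, -1) < ts:
                latest[src] = ts
                queue.append(src)
    return set(latest) - {symptom}


def forward_trace(forward, root, at_time):
    """Nodes that the compromise of `root` at `at_time` could have affected."""
    earliest = {root: at_time}  # earliest time each node became tainted
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dst, ts in forward.get(node, []):
            if ts >= earliest[node] and earliest.get(dst, float("inf")) > ts:
                earliest[dst] = ts
                queue.append(dst)
    return set(earliest) - {root}


if __name__ == "__main__":
    fwd, bwd = build_graph(EVENTS)
    # Alert: stage2.exe beaconed out at t=10.  Where did it come from?
    print("backward:", sorted(backward_trace(bwd, "stage2.exe", 10)))
    # Root cause: the attachment written at t=1.  What did it touch?
    print("forward:", sorted(forward_trace(fwd, "/tmp/invoice.docm", 1)))
```

The backward trace from the beacon reaches the e-mail client and the attachment, while the forward trace from the attachment lists the spawned processes, the dropped binary and the remote endpoint. Note that a file the malware only read (secrets.txt) shows up in the backward trace as an input to the exfiltration, not in the forward trace, because reading does not modify it.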
What is malware?
Refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity or availability of the victim’s data, applications, or OS.
What is a virus?
Malicious code that is spread through infected programs or files.
What is a worm?
A self-replicating, self-contained program that directly uses a network service to spread itself, without user intervention. It typically exploits a vulnerability on a target to execute code that then goes on to exploit more systems.
What is a Trojan horse?
A self-contained, non-replicating program that, while appearing to be benign, actually has a hidden malicious purpose.
How does a virus hide its infection from signature-based detection? (2 points)
- Encrypting the virus code, so that a fixed byte signature does not match
- Polymorphism: changing the virus code (including the decryption routine) on each infection, so that no single signature fits all copies
A virus lies dormant on your system until you execute it or take some other required action, while worms do not rely on you to trigger them. T/F
True
How is Zeus (a Trojan horse) spread?
Drive-by downloads and phishing schemes.
What is a trap door?
An undocumented entry point into a module, inserted during development to facilitate access or modification later.
Who can exploit trap doors?
The original developer, or anyone who discovers it.
What is a logic bomb?
A program that performs an action that violates the security policy when some external event occurs
What is a bot?
A computer infected with malware that accepts remote commands from the attacker. A large collection of such systems is called a botnet.
What is ransomware?
Malware designed to extort the user in exchange for restoring access to something of value.
What is crypto-ransomware?
Encrypts the victim's data file by file; the decryption key is a secret the attacker withholds from the victim.
What are some payment mechanisms for ransomware? (3 points)
- cryptocurrency
- premium-rate phone numbers
- prepaid cards
What are some implementation problems in ransomware (weaknesses that can make recovery possible)? (6 points)
- C&C server errors
- key reuse (the same key across files or victims)
- memory protection (keys left recoverable in process memory)
- DIY crypto (home-grown, broken algorithms)
- weak key generation
- poor security hygiene
How can ransomware be handled? (2 points)
- decide whether a program is malware before it starts encrypting
- monitor for data changes that indicate an attack in progress, and alert
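The second approach (monitoring data changes while an attack is in progress), as an added example rather than anything from the original flashcards. The write events, process names and file contents are constructed; the two signals used, byte entropy of written content (encrypted output is close to 8 bits per byte, text is far below) and a burst of distinct files from one process within a short window, are this example's choice of heuristics, and the thresholds are assumptions. A single high-entropy write (a backup tool producing an archive) is deliberately included so that it is not flagged.

```python
import hashlib
import math
from collections import defaultdict, deque

ENTROPY_THRESHOLD = 7.0  # bits/byte; plain text is roughly 4-5, ciphertext ~8 (assumed cut-off)
BURST_FILES = 5          # distinct files from one process ...
BURST_WINDOW = 10.0      # ... within this many seconds (assumed values)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_ransomware(events):
    """events: iterable of (time, process, path, content_written).

    Returns {process: time_of_first_alert} for processes that overwrite
    at least BURST_FILES distinct files with high-entropy content inside
    a BURST_WINDOW-second sliding window.
    """
    recent = defaultdict(deque)  # process -> deque of (time, path)
    alerts = {}
    for ts, proc, path, content in events:
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            continue  # plausible document content, ignore
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > BURST_WINDOW:
            window.popleft()
        if proc not in alerts and len({p for _, p in window}) >= BURST_FILES:
            alerts[proc] = ts
    return alerts


def _pseudo_random(n: int, seed) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:n]


# Constructed event stream: one normal document save, one backup archive,
# then a process overwriting eight documents with ciphertext half a second apart.
DOC = b"Quarterly sales report. Revenue grew 4% over the prior quarter.\n" * 64
EVENTS = [
    (0.0, "winword.exe", "/home/alice/report.docx", DOC),
    (1.0, "backup.exe", "/backup/2024-05.zip", _pseudo_random(4096, "zip")),
] + [
    (5.0 + 0.5 * i, "cryptor.exe", f"/home/alice/docs/file{i}.docx", _pseudo_random(4096, i))
    for i in range(8)
]

if __name__ == "__main__":
    print(detect_ransomware(EVENTS))  # cryptor.exe is flagged on its fifth file
```

The alert fires on the fifth high-entropy overwrite, three files before the constructed attacker finishes; in practice the response hook would suspend the process at that point and snapshot or restore the touched files. Entropy alone would have flagged the backup archive too, which is why the burst condition is combined with it.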
What are some ways to distribute malware? (2 points)
- social engineering (e.g. a Trojan horse)
- vulnerable systems (buffer overflows, common or weak passwords)
What is a drive-by download?
When a browser is exploited to install malware without the victim's knowledge.
What are some attacker’s goals?
- personal information
- mayhem
- ransom
- computing resources
What are some static detection approaches? (2 points)
- examine files for similarity to known malware (signatures)
- keep hashes of all important files on disk to detect modifications to legitimate files
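Both static approaches, and why the encryption and polymorphism cards above defeat the first of them, as an added example that is not part of the original flashcards. The "known malware" sample, its variants, the file paths and contents are all constructed byte strings; the similarity measure (Jaccard overlap of 4-byte n-grams) and the toy repeating-key XOR used to produce "polymorphic" variants are this example's choices, not a real scanner or a real virus.

```python
import hashlib

# --- approach 2: hash baseline of important files ---------------------------

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """files: {path: content}. Returns {path: sha256 hex} to store offline."""
    return {path: sha256(content) for path, content in files.items()}


def check_integrity(baseline, files):
    """Paths whose current hash differs from the baseline, or that are missing."""
    changed = []
    for path, expected in baseline.items():
        current = files.get(path)
        if current is None or sha256(current) != expected:
            changed.append(path)
    return sorted(changed)


# --- approach 1: similarity to known malware ---------------------------------

def ngrams(data: bytes, n: int = 4):
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Fraction of shared byte n-grams; 1.0 = identical, 0.0 = nothing in common."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def signature_match(data: bytes, signature: bytes) -> bool:
    """Classic fixed byte-string signature."""
    return signature in data


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR standing in for a virus's self-encryption (constructed)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed samples: a "known" body, a lightly modified variant, and two
# copies of the same body encrypted under different keys.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE:" + bytes(range(256)) * 4
SIGNATURE = b"CONSTRUCTED-SAMPLE:"
VARIANT = KNOWN_SAMPLE + b"PADDING" * 20           # appended junk only
ENCRYPTED_A = xor_encrypt(KNOWN_SAMPLE, b"\x5a\xa5\x3c")
ENCRYPTED_B = xor_encrypt(KNOWN_SAMPLE, b"\x11\x22\x33\x44")

if __name__ == "__main__":
    files = {"/usr/bin/ssh": b"original ssh binary (constructed)",
             "/etc/hosts": b"127.0.0.1 localhost\n"}
    baseline = build_baseline(files)
    files["/usr/bin/ssh"] += b"\x00trojaned"
    print("modified:", check_integrity(baseline, files))
    print("variant similarity:  %.2f" % jaccard(KNOWN_SAMPLE, VARIANT))
    print("encrypted similarity: %.2f" % jaccard(KNOWN_SAMPLE, ENCRYPTED_A))
    print("two encrypted copies: %.2f" % jaccard(ENCRYPTED_A, ENCRYPTED_B))
```

The padded variant still shares almost all of its n-grams with the known sample and still contains the signature, so both static checks catch it; the two encrypted copies share almost nothing with the original or with each other, which is the point of the encryption and polymorphism cards. The hash baseline is unaffected by any of this because it does not look for malware at all, only for changes to files that should not change.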
What are some dynamic detection approaches?
- monitor what happens as the program runs: system call sequences, information flow, network accesses
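System-call-sequence monitoring, as an added example that is not part of the original flashcards: a profile of short system-call n-grams is learned from benign runs, and a new trace is scored by the fraction of its n-grams never seen in training. The benign and suspicious traces are constructed for a hypothetical document viewer; the n-gram length and alert threshold are assumptions of this example.

```python
def ngram_profile(traces, n=3):
    """Set of all length-n system call windows observed in benign traces."""
    profile = set()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            profile.add(tuple(trace[i:i + n]))
    return profile


def anomaly_score(trace, profile, n=3):
    """Fraction of the trace's n-grams that were never seen during training."""
    grams = [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def is_anomalous(trace, profile, n=3, threshold=0.2):
    """Alert when more than `threshold` of the windows are unknown (assumed cut-off)."""
    return anomaly_score(trace, profile, n) > threshold


# Constructed benign traces of a viewer that opens a file, reads it and writes
# its output, plus one suspicious trace where the same start is followed by
# network and process-creation calls the viewer never makes.
BENIGN_TRACES = [
    ["openat", "fstat", "mmap", "read", "read", "close", "write", "exit_group"],
    ["openat", "fstat", "mmap", "read", "close", "openat", "read", "close", "write", "exit_group"],
    ["openat", "read", "read", "read", "close", "write", "write", "exit_group"],
]
SUSPECT_TRACE = ["openat", "fstat", "mmap", "read", "socket", "connect", "fork", "execve"]
UNSEEN_BUT_BENIGN = ["openat", "read", "close", "write", "exit_group"]

if __name__ == "__main__":
    profile = ngram_profile(BENIGN_TRACES)
    for name, trace in [("benign", BENIGN_TRACES[0]),
                        ("new benign", UNSEEN_BUT_BENIGN),
                        ("suspect", SUSPECT_TRACE)]:
        print("%-10s score=%.2f anomalous=%s"
              % (name, anomaly_score(trace, profile), is_anomalous(trace, profile)))
```

The suspicious trace scores 4 unknown windows out of 6, while a benign sequence that was never seen whole still scores 0 because each of its 3-call windows occurred somewhere in training; that locality is what makes n-gram profiles tolerate ordinary variation while reacting to a process suddenly making calls outside its usual repertoire.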