Quiz (Malware) Flashcards
What is a proactive security?
Prevents incidents before they happen.
What is a reactive security?
Allowing system defenders to identify and mitigate intrusions before they escalate.
Why the need for reactive security? (2 points)
- sophisticated and well-financed threat groups have demonstrated the ability to penetrate networks
- attacks take place over a period of many month
What is data provenance?
Describe the totality of system execution and facilitates causal analysis of system activities.
What is backward tracing?
Reconstructing the chain of events that lead to an attack.
What is forward tracing?
The ramifications of the attack.
What is malware?
Refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity or availability of the victim’s data, applications, or OS.
What is virus?
Malicious code that is spread through infected programs or files.
What is worm?
A self-replicating, self-contained program, directly uses a network service to spread itself (without user intervention). Typically exploits a vulnerability in a target to execute code that then exploits more systems.
What is trojan horse?
A self-contained, nonreplicating program that, while appearing to be benign, actually has a hidden malicious purpose.
What is the format of infection for virus? (2 points)
- Encrypt virus code to prevent “signature-based” detection
- Polymorphism to change virus code to prevent signature
A virus lays dormant in your system until you execute it or take some other required actions, while worms do not rely on you to trigger them. T/F
True
How is Zeus (trojan horse malware) being spread?
Drive-by downloads and phishing schemes
What is a trap door?
An undocumented entry point to a module. Inserted during code development to facilitate access or modification in the future.
Who can exploit trap doors?
Original developer or who discovers it
