Section 1.2 Potential indicators to determine the type of attack Flashcards
What type of virus infects the boot sector or partition table of a disk?
Boot sector virus
What is the best way to remove a boot sector virus from a system?
Boot the system using an antivirus or similar emergency recovery data.
What is the most common way a boot sector virus finds its way into a system?
Through an infected disk or removable media device that is inserted into the computer.
What kind of virus disguises itself as a legit program?
Companion virus
What kind of virus generally infects files that have the extension .com or .exe and tries to replicate further by infecting other executable programs on the system with the same extension?
File Infector virus
If your computer is afflicted with a file infector virus, you should not do what?
Do not attach it to a network, because it could start infecting files on other workstations and file servers.
What do you call an instruction that carries out program commands automatically within an application?
Macro
What kind of virus uses the internal workings of the application to perform malicious operations when a file containing the macros is opened?
Macro virus
What kind of virus continues to stay in memory and infect other files that are run at the same time?
Memory-resident virus
What kind of virus hides from antivirus software by encrypting its code?
Stealth Viruses
What kind of viruses are designed to make detection and reverse engineering difficult and time-consuming, either through obfuscation or through techniques that add substantial amounts of confusing code to hide the actual virus code itself?
Armored Virus
What kind of malware changes with each infection?
Polymorphic malware
What kind of malware can recompile itself into a new form, and the code keeps changing from generation to generation?
Metamorphic malware
What is the difference between polymorphic and metamorphic malware?
Metamorphic malware does not decrypt itself to a single constant virus body in memory.
What do you call a type of backdoor program that is inserted into application software and allows a remote user root access to the system on which the software is installed, without the permission or knowledge of the user?
Rootkit