Malicous Code

Question 1

In 2010 how many strains of Virus’s did Symantec claim to exist?

Answer 1

Over 286

Question 2

What are the two primary functions of a virus?

Answer 2

Propagation and destruction

Question 3

What does a MBR virus do?

Answer 3

Infects/ overwrites the master boot record of a disk/ media.

Question 4

What is the difference between master boot record and master boot sector?

Answer 4

MBR - determines what media partition to boot from.

Master boot sector - sector of disk with boot data.

Question 5

What is the sequence of execution extensions in a windows OS?

Answer 5

.com
.exe
.bat

Question 6

What is a companion virus?

Answer 6

Virus that has an executable name one sequence of execution higher than intended program.

Question 7

What is a service injection virus?

Answer 7

Virus that takes over a trusted OS service ie SVCHOST.exe

Question 8

What are two forms of AV methodology?

Answer 8

1. Signature based

2. Heuristic

Question 9

What actions can a AV platform typically take against a virus?

Answer 9

1. Eradicate and clean.
2. Quarantine.
3. Delete

Question 10

What is a multipartite virus?

Answer 10

Virus that can infect in multiple methods.

Question 11

What is a stealth virus?

Answer 11

Virus that will cover itself from inspection.

Question 12

What is a polymorphic virus?

Answer 12

Virus that changes itself as it moves form system to system.

Question 13

What is an encrypted virus?

Answer 13

Virus that will encrypt portions of its executable to hide.

Question 14

What was the code red worm?

Answer 14

Launched in 2001. Did three things:

1. Port scan to find IIS platforms and exploited weakness.
2. Changed webpages with hack message
3. Turned server into a bot that would attack WH.gov.

Question 15

What is spyware?

Answer 15

Watches activities of users on system.

Question 16

What is adware?

Answer 16

Displays ads on infected system.

Question 17

What is active content?

Answer 17

Code that is downloaded from server to client for local execution.

Question 18

Tripwire is what class of software?

Answer 18

Integrity management.

Question 19

What sort of control mechanisms are in place in Java and ActiveX?

Answer 19

Java - Sandbox

ActiveX - Digital signatures

Question 20

What is whitelisting?

Answer 20

Practice used by administrators to allow specific applications to be executed.

Question 21

What issues lead to zero day vulnerabilities?

Answer 21

1. Delays in announcement and fix

2. Delays in patching

Question 22

What is an alternative to the Unix /etc/passwd file?

Answer 22

/etc/shadow

Question 23

What is a buffer overflow?

Answer 23

When input data exceeds the structure that was built to receive it.

Question 24

What steps should a developer take when dealing with input data?

Answer 24

1. Input cannot exceed data length.
2. Input type cannot be changed int vs char
3. Answers must be checked for validity.

Question 25

What is TOCTTOU?

Answer 25

Time of check to time of use. Validations are constantly checked an immediately effective.

Question 26

What is a back door?

Answer 26

Undocumented commands that allow specific users to bypass security controls.

Question 27

What is cross site scripting attack?

Answer 27

Attack that embeds rouge command in place and sends back to client.

Question 28

What should you do to avoid SQL Injection attack?

Answer 28

1. Strip things like semi-colon and quotes from input fields.
2. Use stored procedures.
3. db IDs should only have read level access.

Question 29

What are some sample firewall rules to protect against IP spoofing?`

Answer 29

1. Packets with internal addresses should never originate from outside.
2. Packets with external addresses should only originate from outside.
3. Private IP ranges don’t move in either direction (in or out).

Question 30

What is another example of session hijacking?

Answer 30

Man in the middle attack.