Lec 12: Malware 1: Viruses and Virus-Defense Flashcards Preview

Flashcards in Lec 12: Malware 1: Viruses and Virus-Defense Deck (52)
1

2

Once you've compromised a system, what does the malicious software do?

3

What is a virus? What do they require to activate?

4

What are a virus writer's goals?

5

What are the kinds of viruses?

6

What are the things that boot sector viruses affect?

7

How do boot sector viruses work?

8

Why attack the bootstrap?

9

How does a virus attach to host code?

10

What are entry-point obscuring viruses?

11

What are polymorphic viruses?

12

What are metamorphic viruses?

13

Where else can viruses reside?

14

What are macros and how prevalent are they?

15

How was the Melissa Macro Virus implemented and what was the strategy?

16

What was the behavior of Melissa Macro Virus?

17

What is the source code of the Melissa virus?

18

What is the transmission rate, damage, and remedy to Melissa macro virus?

19

How do you detect viruses?

20

What are virus signatures? How are they used?

21

What are the issues involved with scanning for virus signatures?

22

What are the steps of a simple virus?

1. User runs an infected program

2. Program transfers control to the virus.

3. Virus locates a new program

4. Virus appends its logic to the end of the new file

5. Virus updates the new program so the virus gets control when the program is launched

23

What are head/tail scanners?

24

With knowledge of head/tail scanners, what did the bad guys do?

25

What is scalpel scanning?

26

What are encrypted viruses and how do they work?

27

What are encrypted viruses?

28

What makes encrypted viruses easy to detect?

29

How do polymorphic viruses work?

30

What are the steps of the polymorphic virus?

1. User executes program

2. Virus decrypts itself

3. Virus finds new program

4. Mutation engine creates new decryptor

5. Virus makes a new copy of itself and encrypts this copy

6. Virus appends the new decryptor and encrypted virus body to new file

7. End. We have a new infection