What is a Virus?

An "Infection" of an existing program that results in the modification of behavior.


What is an Internet Worm?

Usually spreads by exploiting flaws in existing programs or open services.


What is a parasitic virus?

Typically infects an existing executable file.


What is a memory-resident virus?

Infects running programs


What is a boot sector virus?

A virus that spreads whenever the system is booted.


What is a polymorphic virus?

A virus that encrypts part of the virus program using a randomly generated key.


What is the difference between worms and viruses?

Viruses: Spread manually
Worms: Spread automatically by scanning for vulnerabilities. A worm can use any of the virus techniques to gain initial access.


What is the main difference between a worm and a virus?
A. Worms do not have destructive payloads
B. Viruses only infect Windows machines
C. Viruses can spread more rapidly
D. Worms can spread automatically



What are the three steps in a worm's "life-cycle"?

1. Discover/"scan" for vulnerable hosts
2. Infect vulnerable machine via remote exploit
3. Remain undiscoverable


How do we model fast-spreading worms?

Using the Random Constant Spread model
K: Initial compromise rate
N: Number of vulnerable hosts
a: fraction of hosts already compromised.
Nda: Newly infected in dt
Nda = (Na)*K(1-a)dt


How to increase initial compromise rate?

1. Hit List: List of vulnerable hosts (recon)
2. Permutation scanning: Shared permutation of IP address lists. Start from own IP and work down, ensuring compromised lists don't duplicate work


What allowed the Slammer worm to spread quickly?
A: TCP / reliable transport
B: UDP / connectionless transport
C: Infected many OS types
D: Could fit in a single packet

B & D