Malicious Software Flashcards

1
Q

_______ mechanisms include those used by viruses, worms, and Trojans.

A

Propagate (to spread)

2
Q

______ include system corruption, bots, phishing, spyware, and rootkits.

A

Payload

3
Q

A ______ _____ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.

A

blended attack

4
Q

Virus creation toolkits that were developed in the 1990s to improve the development and deployment of malware.

A

crimeware

5
Q

What does APT stand for?

A

Advanced
Persistent
Threats

6
Q

_____ differ from other types of attack by their careful target selection, and persistent, then stealthy, intrusion efforts over extended periods.

A

APTs

7
Q

What are the three parts of a computer virus?

A

Infection Mechanism (infection vector)
Trigger (logic bomb)
Payload

8
Q

The means by which a virus spreads or propagates, enabling it to replicate.

A

Infection Mechanism (infection vector)

9
Q

The event or condition that determines when the payload is activated or delivered.

A

Trigger (logic bomb)

10
Q

What the virus does, besides spreading. The ___ may involve damage or may involve benign but noticeable activity.

A

Payload

11
Q

What are the four phases that a typical virus goes through during its lifetime?

A

Dormant phase
Propagation phase
Triggering phase
Execution phase

12
Q

The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.

A

Dormant phase

13
Q

The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a ________ phase.

A

Propagation phase

14
Q

The virus is activated to perform the function for which it was intended. As with the dormant phase, the ______ phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

A

Triggering phase

15
Q

The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

A

Execution phase

16
Q

Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.

A

Boot sector infector

17
Q

Infects files that the operating system or shell considers to be executable.

A

File infector

18
Q

Infects files with macro or scripting code that is interpreted by an application.

A

Macro virus

19
Q

Infects files in multiple ways. Typically, the ________ virus is capable of infecting multiple types of files, so that virus eradication must deal with all of the possible sites of infection.

A

Multipartite virus

20
Q

A form of virus that uses encryption to obscure its content.

A

encrypted virus

21
Q

A form of virus explicitly designed to hide itself from detection by anti-virus software.

A

Stealth virus

22
Q

A form of virus that creates copies during replication that are functionally equivalent but have distinctly different bit patterns, in order to defeat programs that scan for viruses.

A

Polymorphic virus

23
Q

A virus that mutates with every infection.

A

Metamorphic virus

It differs from a polymorphic virus in that it rewrites itself completely at each iteration.

24
Q

____ viruses infect scripting code used to support active content in a variety of user document types.

25
What makes Macro viruses so threatening?
1. Platform independent
2. Infect documents
3. Easily spread
4. Traditional file system access controls are of limited use in preventing their spread
26
A _____ is a program that actively seeks out more machines to infect, and then each infected machine serves as an automated launching pad for attacks on other machines.
Worm
27
To replicate itself, a worm uses what means to access remote systems?
Electronic mail or instant messenger facility
File sharing
Remote execution capability
Remote file access or transfer capability
Remote login capability
28
The first function in the propagation phase for a network worm is for it to search for other systems to infect, a process known as ______ or fingerprinting.
scanning
29
What are the types of network address scanning strategies that a worm can use?
Random
Hit-List
Topological
Local subnet
30
What does state-of-the-art worm technology include?
Multiplatform
Multi-exploit
Ultrafast spreading
Polymorphic
Metamorphic
Transport vehicles
Zero-day exploit
31
_______ code often acts as a mechanism for a virus, worm, or Trojan horse to be transmitted to the user's workstation.
Mobile
32
A technique that exploits browser vulnerabilities so that when the user views a Web page controlled by the attacker, it contains code that exploits the browser bug to download and install malware on the system without the user's knowledge or consent.
Drive-by-download
33
Can completely disable the phone, delete data on the phone, or force the device to send costly messages.
Mobile Phone Worms
34
Tricking users to assist in the compromise of their own systems
Social Engineering
35
What is the difference between a bot and a worm?
Worm propagates itself and activates itself
Bot is initially controlled from some central facility
36
Unsolicited bulk e-mail
Significant carrier of malware
Used for phishing attacks
Spam
37
Program or utility containing harmful hidden code
Used to accomplish functions that the attacker could not accomplish directly
Trojan Horse
38
First appeared in 2004
Target is the smartphone
Mobile Phone Trojans
39
Malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.
Ransomware
40
Mass-mailing worm infecting Windows 95 to XP systems. On the trigger date, it causes files on the hard drive to become empty.
Klez
41
First seen in 1998, Windows 95 and 98 virus. Infects executable files and corrupts the entire file system when a trigger date is reached
Chernobyl
42
The collection of bots is referred to as?
botnet
43
A _____ attack is an attack on a computer system or network that causes a loss of service to users.
Distributed denial-of-service (DDoS)
44
Captures keystrokes to allow attacker to monitor sensitive information. Typically uses some form of filtering mechanism that only returns information close to keywords.
Key logger
45
Subverts the compromised machine to allow monitoring of a wide range of activity on the system.
Spyware
46
A spam e-mail may direct a user to a fake Web site controlled by the attacker, which is used to gather a range of private, personal information on the user.
phishing
47
Recipients are carefully researched by the attacker
E-mail is crafted to specifically suit its recipient, often quoting a range of information to convince them of its authenticity
Spear-Phishing
48
Enables the anti-virus program to easily detect complex polymorphic viruses and other malware while maintaining fast scanning speeds
Generic Decryption