Viruses | Networking Flashcards

(27 cards)

1
Q

Trojans

A

generally hidden as a legitimate program that the user downloads/installs and
then transfers to the user's computer
○ Attacker usually uses social engineering to fool the user into downloading/installing
○ Can spoof products by using the same icons and names
○ Does not usually spread from a device once infected and remains on the host’s computer
○ Once it is installed, it performs malicious actions such as backdooring a computer,
spying on its user, and doing various types of damage

2
Q

Rootkits

A

a package giving the highest privileges in the system (think admin level control
down to the OS itself)
○ Software that allows for stealthy presence of unauthorized functionality in the
system
○ Used when the attackers need to backdoor a system and preserve unnoticed access as
long as possible.
○ May register system activity and alter typical behavior in any way desired by the
attacker.

3
Q

Companion Virus

A

poses as a legitimate file by copying its file name but uses a different
extension - it doesn’t modify files

4
Q

Macro Virus

A

virus that’s written in a macro language, a programming language rooted inside
software applications like Microsoft Office
○ Uses the mini-basic programming language.
○ Macros are used for automation to increase workflow.
○ Operates by injecting its code into macros attached to the type of popular data files
associated with office work, like Microsoft Word, Excel, or PowerPoint files
○ Can deliver other malware to your system and also uses deception like a Trojan to
spread by hiding under seemingly legitimate files.

5
Q

Armored Virus

A

a type of malware designed to evade detection and hinder the analysis
process by using various techniques, such as encryption, obfuscation, or manipulation of
code.
○ These viruses are created to prevent antivirus software from detecting, diagnosing,
and removing them.

6
Q

Botnet

A

networks of computers infected by a botnet agent that are under hidden control of
a third party.
○ Used to execute various commands ordered by the attacker.
○ Called a group of zombies.
○ Common uses of botnets are criminal operations that require distributed resources,
such as DDoS attacks on selected targets, spam campaigns, and performing click
fraud.
○ From the moment of infection, botnet agents keep in touch with their remote
Command-and-Control server (C&C)
○ The most common implementation of the C&C is a web application, contacted by the
client via simple HTTP requests.

7
Q

Stealth Virus

A

any virus that attacks while trying to avoid detection by antivirus software.

8
Q

Polymorphic virus

A

mutate to change their code while usually retaining their core function.
Employ a polymorphic (mutation) engine to hide their code, usually through
cryptography.
○ The mutation engine modifies the malware’s decryption procedure every time it
replicates, making its new state challenging for conventional antivirus software to
identify.

9
Q

Multipartite (aka hybrid) virus

A

a fast-moving virus that uses file infectors or boot infectors
to attack the boot sector and executable files simultaneously.

10
Q

Ransomware

A

type of malware identified by specified data or systems being held captive by
attackers until a form of payment or ransom is provided.

11
Q

Boot sector

A

The boot sector is a small section at the very beginning of a storage device (like a hard drive, SSD, or USB stick). It contains machine code that tells your computer how to start (boot up) the operating system.

When the boot sector is infected, simply turning on the computer will trigger a boot sector
virus because it latches on to the hard drive that contains the data that is needed to start the
computer.

💡 It’s the very first thing your computer reads when you power it on — even before Windows, macOS, or Linux loads.

12
Q

Personal Area Network (PAN)

A

a network that is centered around a person and their devices
(like Bluetooth)

13
Q

Local Area Network (LAN)

A

computers connected in a limited area, like home or office.
○ Most often Ethernet, Wi-Fi, or both (remember it can be wired or wireless)

14
Q

Wireless Local Area Network (WLAN)

A

same as LAN but wireless – Wi-Fi

15
Q

Storage Area Network (SAN)

A

network that allows access to storage devices specifically.
○ Allows servers to access devices such as disk arrays.
○ Presented to OS like any other storage device.

16
Q

Campus Area Network (CAN)

A

provides networking of multiple LANs across a limited area,
like a university campus, group of buildings owned by a company, etc.

17
Q

Metropolitan Area Network (MAN)

A

covers a whole city or the equivalent of a metropolitan
area.
○ Made up of multiple LANs owned by many entities.

18
Q

Wide Area Network (WAN)

A

covers a large geographical area within its network (like the
internet)
○ Used by international companies and governments (banks, for example)

19
Q

Simplex mode

Transmission mode

A

Sender can send the data, but the sender can’t receive the data. It is a type of
unidirectional communication in which communication happens in only one
direction. Examples of this kind of mode are keyboards, traditional monitors, etc.

20
Q

Half duplex mode

Transmission mode

A

Sender can send the data and also receive the data one at a time. It is a type of
two-way directional communication but restricted to only one at a time. An example of
this kind of transmission is the Walkie-Talkie, where the message is sent one at a
time but in both directions.

21
Q

Full-duplex mode

Transmission mode

A

Sender can send the data and also receive the data simultaneously. It is two-way
directional communication in which both directions of communication
happen at the same time. An example of this kind of transmission is the telephone network,
where communication happens simultaneously.

22
Q

Multiplexing

Transmission mode

A

Multiplexing, or muxing, is a way of sending multiple signals or streams of
information over a communications link at the same time in the form of a single,
complex signal. When the signal reaches its destination, a process called
demultiplexing, or demuxing, recovers the separate signals and outputs them to
individual lines.

23
Q

Client-server model

A

centralized network where one or more devices, or servers, provide
services and resources to other devices, or clients.
○ Clients request and receive data from servers which handle processing and storage.
○ More reliable, secure, and efficient than P2P
○ High cost, complex, and requires maintenance.
○ Requires specialized hardware and software and depends on the functionality and
availability of the servers.
○ Suitable for large-scale, permanent, or formal applications, such as web hosting,
email, or database management

24
Q

Peer-to-peer (P2P)

A

each machine on the network can act as both server and client (like
Bitcoin and Tor)
○ Easy to set up – minimal hardware and software requirements
○ Users control their own data and resources.
○ Limited performance, reliability, and security
○ Suitable for small-scale, temporary, or informal applications (gaming, file sharing,
and messaging)

25
Q

Requester

A

person or device that requests a network connection service.

26
Q

Web server

A

software and hardware that use HTTP and other protocols to respond to client requests made over the web.

27
Q

Web server providers

A

Apache, Oracle, AWS (Amazon), Nginx, LiteSpeed, Microsoft-IIS, OpenResty, etc.