Viruses, Worms and Rogue Programs Flashcards

(15 cards)

1
Q

When were computer viruses invented, and what was the first widespread infection?

A

Invented in 1984 by Fred Cohen. First widespread infection was the Brain virus in 1986 in the USA, initially thought to be accidental.

2
Q

How have viruses and worms evolved over time?

A

Viruses doubled every 9 months. Worms, once rare, became widespread due to Microsoft mail vulnerabilities. By 2001, over 60,000 viruses existed; by 2008, over a million; by 2015, a million malware samples were released daily.

3
Q

What is the scale of malware threats in recent years?

A

In 2014, over 150,000 malware samples circulated daily, compromising 148,000 computers daily. Mobile malware increased by 57% in 2018. CryptoLocker is a notable virus spread via email attachments.

4
Q

What is EMET, and how does it enhance security?

A

The Enhanced Mitigation Experience Toolkit (EMET) prevents exploitation of software vulnerabilities by applying security mitigation technologies, making attacks more difficult. It hardens Windows systems before patches or antimalware updates are available. Replaced by Windows Defender.

5
Q

What are the two types of computer viruses?

A

Resident viruses stay active after the host program ends. Non-resident (transient) viruses do not persist after the host program terminates.

6
Q

Why was the Y2K threat manageable?

A

Y2K had a clear threat definition, advance warning, and predictable impact time, resulting in minimal harm to systems and people.

7
Q

What is the process of a zero-day exploit?

A

The attacker discovers a vulnerability, the manufacturer becomes aware of it, a proof of concept is created, a patch is distributed, and users implement it. An attack that occurs before the patch is a zero-day exploit.

8
Q

What was the Code Red virus, and what does it reveal about exploit timelines?

A

In 2001, Code Red exploited vulnerabilities with patches available over a month prior. Exploits occurred within hours via websites, with a malicious toolkit in 6 days and a Microsoft patch in 9 days, showing shrinking vulnerability-to-exploit timelines.

9
Q

What is a trojan horse?

A

A trojan horse is a program that performs malicious actions beyond its stated function, e.g., ARC513, which pretends to be a data compression utility but deletes files.

10
Q

Describe a simple trojan example from a batch file.

A

A batch file named README.BAT containing DEL C:\*.* with an auto-supplied Y deletes all files in the root directory of drive C when executed, as it auto-confirms the deletion prompt with “Y”.

11
Q

How are trojans executed, and what risks do they pose?

A

Trojans can be executed intentionally or unwittingly via hidden mechanisms (e.g., HTML sequences in web forums or ANSI escape sequences in text files). They can cause significant damage, like file deletion or data loss.

12
Q

How did ANSI.SYS enable trojan attacks, and what was the impact?

A

The ANSI.SYS driver, loaded in CONFIG.SYS, allowed embedded ANSI escape sequences to redefine keys (e.g., “d” as DEL *.DAT or FORMAT C:). This could lead to disastrous data loss if executed unknowingly.

13
Q

How were ANSI.SYS trojan vulnerabilities mitigated?

A

Remove ANSI.SYS from CONFIG.SYS, use replacement drivers that prevent key redefinition, or scan BBS/web forum messages for escape/executable sequences. Modern applications use the Windows API, making ANSI.SYS obsolete.

14
Q

Describe the AIDS trojan attack from 1989.

A

20,000 disks mailed in London, labeled “AIDS Information Version 2.0,” modified AUTOEXEC.BAT to increment a counter on each boot. At a random value (~90), the trojan encrypted files, hid them, and left a blackmail message demanding $200 to renew a software lease.

15
Q

How do modern systems prevent trojan attacks like those using ANSI.SYS?

A

Vulnerable technologies like ANSI.SYS are obsolete. BBS and web forums scan for executable sequences, VAX/VMS mail converts escape sequences, and modern applications use secure APIs or direct BIOS routines.
