Deck 6: Malicious Software

Programmers use backdoors to debug and test programs.

A bot propagates itself and activates itself,whereas a worm is initially
controlled from some central facility.

A Trojan horse is an apparently useful program containing hidden code that,
when invoked,performs some harmful function.

A virus that attaches to an executable program can do anything that the
program is permitted to do.

A logic bomb is the event or condition that determines when the payload is
activated or delivered.

Keyware captures keystrokes on a compromised system.

Malicious software aims to trick users into revealing sensitive personal data.

E-mail is a common method for spreading macro viruses.

Packet sniffers are mostly used to retrieve sensitive information like
usernames and passwords.

Metamorphic code is software that can be shipped unchanged to a
heterogeneous collection of platforms and execute with identical semantics.

In addition to propagating,a worm usually carries some form of payload.

Many forms of infection can be blocked by denying normal users the right to
modify programs on the system.

A macro virus infects executable portions of code.

Every bot has a distinct IP address.

During the __________ phase the virus is activated to perform the function for which it was intended.

Sometimes referred to as the "infection vector",the __________ is the means by which a virus spreads or propagates.

A __________ is when a user views a Web page controlled by the attacker that contains a code that exploits the browser bug and downloads and installs malware on the system without the user's knowledge or consent.

A __________ is a collection of bots capable of acting in a coordinated manner.

__________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

The four phases of a typical virus are: dormant phase,triggering phase,execution phase and __________ phase.

A computer __________ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself.

Sometimes known as a "logic bomb",the __________ is the event or condition that determines when the payload is activated or delivered.

A _________ is a set of programs installed on a system to maintain covert access to that system with administrator (root)privileges while hiding evidence of its presence.

A __________ virus is explicitly designed to hide itself from detection by anti-virus software.

A __________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.

Countermeasures for malware are generally known as _________ mechanisms because they were first developed to specifically target virus infections.

__________ technology is an anti-virus approach that enables the anti-virus program to easily detect even the most complex polymorphic viruses and other malware,while maintaining fast scanning speeds.

Developed by IBM and refined by Symantec,the __________ provides a malware detection system that will automatically capture,analyze,add detection and shielding,or remove new malware and pass information about it to client systems so the malware can be detected before it is allowed to run elsewhere.

A bot can use a __________ to capture keystrokes on the infected machine to retrieve sensitive information.