Deck 6: Malicious Software

Keyware captures keystrokes on a compromised system.

A virus that attaches to an executable program can do anything that theprogram is permitted to do.

Metamorphic code is software that can be shipped unchanged to aheterogeneous collection of platforms and execute with identical semantics.

Many forms of infection can be blocked by denying normal users the right tomodify programs on the system.

Malicious software aims to trick users into revealing sensitive personal data.

A bot propagates itself and activates itself, whereas a worm is initiallycontrolled from some central facility.

In addition to propagating, a worm usually carries some form of payload.

A macro virus infects executable portions of code.

A Trojan horse is an apparently useful program containing hidden code that,when invoked, performs some harmful function.

E-mail is a common method for spreading macro viruses.

Every bot has a distinct IP address.

It is not possible to spread a virus via a USB stick.

Programmers use backdoors to debug and test programs.

Packet sniffers are mostly used to retrieve sensitive information likeusernames and passwords.

A logic bomb is the event or condition that determines when the payload isactivated or delivered.

A computer __________ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself.

A __________ is when a user views a Web page controlled by the attacker that contains a code that exploits the browser bug and downloads and installs malware on the system without the user's knowledge or consent.

Sometimes referred to as the "infection vector", the __________ is the means by which a virus spreads or propagates.

A _________ is a set of programs installed on a system to maintain covert access to that system with administrator (root) privileges while hiding evidence of its presence.

A __________ virus is explicitly designed to hide itself from detection by anti-virus software.

A __________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.

The four phases of a typical virus are: dormant phase, triggering phase, execution phase and __________ phase.

Sometimes known as a "logic bomb", the __________ is the event or condition that determines when the payload is activated or delivered.

__________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

During the __________ phase the virus is activated to perform the function for which it was intended.

A bot can use a __________ to capture keystrokes on the infected machine to retrieve sensitive information.

Countermeasures for malware are generally known as _________ mechanisms because they were first developed to specifically target virus infections.

A __________ is a collection of bots capable of acting in a coordinated manner.

Because __________ software can block suspicious software in real time, it has an advantage over such established anti-virus detection techniques as fingerprinting or heuristics.

Two types of perimeter monitoring software are _________ monitoring and egress monitoring.