Deck 10: Malicious Software

To replicate itself, a worm uses some means to access remote systems.

Newer worms are limited to Windows machines

Propagation mechanisms include system corruption, bots, phishing, spyware, and rootkits.

A backdoor is any mechanism that bypasses a normal security check.

Worms cannot spread through shared media, such as USB drives or CD and DVD data disks.

Many forms of infection can be blocked by denying normal users the right to modify programs on the system.

Viruses often morph to evade detection.

A virus, although attached to an executable program, cannot do anything that the program is permitted to do.

Payloads include those used by viruses, worms, and trojans.

A polymorphic virus creates copies during replication that are functionally equivalent but have distinctly different bit patterns, in order to defeat programs that scan for viruses.

Usually, a downloader is sent in an e-mail.

A zombie is a program activated on an infected machine that is activated to launch attacks on other machines.

Malicious software constitutes one of the most significant categories of threats to computer systems.

Microsoft Word, Excel files, and Adobe PDF are document files that are safe from being infected by viruses.

_________ viruses infect scripting code used to support active content in a variety of user document types.

___________ programs are used to send large volumes of unwanted e-mail.

The earliest significant worm infection was released onto the Internet by _________ in 1988.

A _________ is malware that, when executed, tries to replicate itself into other executable code; when it succeeds the code is said to be infected.

The first function in the propagation phase for a network worm is for it to search for other systems to infect, a process known as scanning or __________.

A _________ is a computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.

__________ capture keystrokes on a compromised system.

A __________ is a set of hacker tools used after an attacker has broken into a computer system and gained root-level access.

A _________ is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms.

A __________ uses multiple methods of infection or propagation, to maximize the speed of contagion and the severity of the attack.

Another approach to exploiting software vulnerabilities exploits browser vulnerabilities so that when the user views a Web page controlled by the attacker, it contains code that exploits the browser bug to download and install malware on the system without the user's knowledge or consent.This is known as a __________ and is a common exploit in recent attack kits.

A _________ , also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the door to gain access without going through the usual security access procedures.

A _________ is a set of programs installed on a system to maintain covert access to that system with administrator privileges, while hiding evidence of its presence to the greatest extent possible.

Unsolicited bulk e-mail, commonly known as ________, imposes significant costs on both the network infrastructure needed to relay this traffic and on users who need to filter their legitimate e-mails out of this flood.

A _________ attack exploits social engineering to leverage a user's trust by masquerading as communications from a trusted source.