Deck 6: Malicious Software

Many forms of infection can be blocked by denying normal users the right to
modify programs on the system.

Programmers use backdoors to debug and test programs.

A macro virus infects executable portions of code.

A virus that attaches to an executable program can do anything that the
program is permitted to do.

Metamorphic code is software that can be shipped unchanged to a
heterogeneous collection of platforms and execute with identical semantics.

Keyware captures keystrokes on a compromised system.

Packet sniffers are mostly used to retrieve sensitive information like
usernames and passwords.

A Trojan horse is an apparently useful program containing hidden code that,
when invoked,performs some harmful function.

E-mail is a common method for spreading macro viruses.

A bot propagates itself and activates itself,whereas a worm is initially
controlled from some central facility.

A logic bomb is the event or condition that determines when the payload is
activated or delivered.

In addition to propagating,a worm usually carries some form of payload.

Malicious software aims to trick users into revealing sensitive personal data.

A _________ is a set of programs installed on a system to maintain covert access to that system with administrator (root)privileges while hiding evidence of its presence.

A __________ virus is explicitly designed to hide itself from detection by anti-virus software.

Sometimes known as a "logic bomb",the __________ is the event or condition that determines when the payload is activated or delivered.

A __________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.

__________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

A computer __________ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself.

During the __________ phase the virus is activated to perform the function for which it was intended.

Sometimes referred to as the "infection vector",the __________ is the means by which a virus spreads or propagates.

A __________ is a collection of bots capable of acting in a coordinated manner.

The four phases of a typical virus are: dormant phase,triggering phase,execution phase and __________ phase.

A __________ is when a user views a Web

Countermeasures for malware are generally known as _________ mechanisms because they were first developed to specifically target virus infections.

__________ technology is an anti-virus approach that enables the anti-virus program to easily detect even the most complex polymorphic viruses and other malware,while maintaining fast scanning speeds.

Developed by IBM and refined by Symantec,the __________ provides a malware detection system that will automatically capture,analyze,add detection and shielding,or remove new malware and pass information about it to client systems so the malware can be detected before it is allowed to run elsewhere.

A bot can use a __________ to capture keystrokes on the infected machine to retrieve sensitive information.