Intro To Cyber Security Exam 1 IT
(QUESTIONS WITH 100% CORRECT
ANSWER
virus
a program that self-replicates, rapid spread, can reduce the functionality and responsiveness of the a
network
2 ways a virus can spread
1. scan your computer for connections to a network and then copy itself to other machines on the
network to which your computer has access 2. read your email address book and and email itself to
everyone in your address book.
Macro
(type of virus) infect the macros in office documents (macros are mini programs written in Microsoft
Office) these can also be written as a virus, if the script is attached to an email and the recipient is
using Outlook, then the script can execute
Multi-partite
type of virus that attacks the computer in multiple ways such as the boot sector of the hard disk and
one or more files
memory resident
type of virus that installs itself and then remains in RAM from the time the computer is booted up to
when it is shut down
armored
type of virus that uses a technique that makes it hard to analyze, uses code confusion so that if the
virus is disassembled, the code won't be easily followed
sparse infector
type of virus that attempts to elude detection by performing its malicious activities only sporadically.
the user will see symptoms for a short time, then no symptoms for a time
polymorphic
type of virus that changes its form from time to time to avoid detection by antivirus software. (the
advanced form is metamorphic virus that can completely change itself)
Rombertik
used the browser to read user credentials to websites, sent as an email attachment, either will
overwrite the master boot on the hard drive, making the machine unbootable, or begin encrypting
files in the user's home directory
Gameover ZeuS
,virus that creates a peer-to-peer botnet, establishes encrypted communication between infected
computers and the command and control computer, allowing the attacker to control the various
infected computers
CryptoLocker
uses asymmetric encryption to lock the user's files
CryptoWall
uses asymmetric encryption to lock the user's files and encrypts sensitive files, communicates with a
command and control server and take a screen shot of the infected machine
FakeAV
a fake virus that would pop up fake virus warnings
MacDefender
targets Macintosh computers, imbedded in some sites so when a user visits the sites, the user is given
a fake virus scan to tell that they have a virus and needs to be fixed. the fix is a virus and the point of
the virus is to get the end user to purchase the MacDefender product
Troj/Invo-Zip
classic worm/ trojan horse that is transmitted as a zip file attached to an email. the email claims to
have an attachment that is invoice or tax related, if the receipent doesn't open the attachment, the
worm installs spyware and disables the firewall, and attempts to get financial information and takes
screen shots of the user's desktop
W32/Netsky-P
spreads primarily through email but also uses file sharing utilities to copy itself. it copies itself to
directories and shared folders, and copies itself to C:\WINDOWS\FVProtect.exe. to make people think
it is apart of some antivirus utility
The Sobig Virus
a virus that used more than one mechanism to spread and infect machines. would copy itself to any
shared drives on your network and would email itself out to everyone in your address book. it didn't
delete or damage any files, but just bogged down the networks that infected it.
The Mimail Virus
virus that collected emails from your address book and from other documents on your machine, it
had its own built-in email engine so it didn't have to piggy back off your email client
The Bagle Virus
a virus sent by email that claimed to be from the systems administrator and an attachment should be
opened to get instructions. spread by email and copying itself to shared folders, also scanned files on
PC looking for email addresses, and disable processes used by the antivirus scanner.
A Nonvirus Virus
, rather than writing a virus, a hacker sends an email to all the addresses they have. the email claims to
be from a well-known antivirus center and warns of a new virus circulating. the file is not a virus but
part of a computer's system. it encourages the user to delete actual files they need for their system
Flame
virus targeting windows operating systems that was designed by the US government for espionage,
was discovered in 2012 by Iranian government sites. it is a spyware that can monitor network traffic
and take screen shots of the infected systems.
Rules for avoiding viruses
user a virus scanner, if you are not sure about an attachment, don't open it, exchange a code word at
the end of a document to know it is specific from the person, and do not believe any security alerts
that are sent to you
Trojan Horse
a program that looks benign but actually has a malicious purpose it might, download harmful
software from a website, install a key logger or spyware, delete files, or open a back door for a hacker
to use
eLiTeWrap
online tool to create a trojan horse, that can combine two programs and make one hidden and one
not.
The Buffer-Overflow Attack
happens when someone tries to put more data in a buffer than it was designed to hold. when too
much information is placed into a buffer, that information is then either truncated or rejected. a
programmer can write a program that purposefully writes more into the buffer than it can hold .. this
vulnerability only exists if the programmers fail to program effectively
The Sasser Virus/ Buffer Overflow
a combination attack that the virus (or worm) spreads by exploiting a buffer overrun. the sasser virus
spreads by copying itself to the windows directory and creates a registry key to load itself at startup.
so every time the machine restarts it will start the virus. when flaws are found in the system, the
worm will start overflowing the buffer by a file in the windows operating system
Spyware
cookie, keylogger, spies on activities on a particular computer
Legal Uses of Spyware
monitor employee use of company technology, parents can monitoring their home computers to see
what their children are doing
How Spyware is Delivered to a Target System
most common method is by trojan horse, or downloaded from a website
rootkit
(QUESTIONS WITH 100% CORRECT
ANSWER
virus
a program that self-replicates, rapid spread, can reduce the functionality and responsiveness of the a
network
2 ways a virus can spread
1. scan your computer for connections to a network and then copy itself to other machines on the
network to which your computer has access 2. read your email address book and and email itself to
everyone in your address book.
Macro
(type of virus) infect the macros in office documents (macros are mini programs written in Microsoft
Office) these can also be written as a virus, if the script is attached to an email and the recipient is
using Outlook, then the script can execute
Multi-partite
type of virus that attacks the computer in multiple ways such as the boot sector of the hard disk and
one or more files
memory resident
type of virus that installs itself and then remains in RAM from the time the computer is booted up to
when it is shut down
armored
type of virus that uses a technique that makes it hard to analyze, uses code confusion so that if the
virus is disassembled, the code won't be easily followed
sparse infector
type of virus that attempts to elude detection by performing its malicious activities only sporadically.
the user will see symptoms for a short time, then no symptoms for a time
polymorphic
type of virus that changes its form from time to time to avoid detection by antivirus software. (the
advanced form is metamorphic virus that can completely change itself)
Rombertik
used the browser to read user credentials to websites, sent as an email attachment, either will
overwrite the master boot on the hard drive, making the machine unbootable, or begin encrypting
files in the user's home directory
Gameover ZeuS
,virus that creates a peer-to-peer botnet, establishes encrypted communication between infected
computers and the command and control computer, allowing the attacker to control the various
infected computers
CryptoLocker
uses asymmetric encryption to lock the user's files
CryptoWall
uses asymmetric encryption to lock the user's files and encrypts sensitive files, communicates with a
command and control server and take a screen shot of the infected machine
FakeAV
a fake virus that would pop up fake virus warnings
MacDefender
targets Macintosh computers, imbedded in some sites so when a user visits the sites, the user is given
a fake virus scan to tell that they have a virus and needs to be fixed. the fix is a virus and the point of
the virus is to get the end user to purchase the MacDefender product
Troj/Invo-Zip
classic worm/ trojan horse that is transmitted as a zip file attached to an email. the email claims to
have an attachment that is invoice or tax related, if the receipent doesn't open the attachment, the
worm installs spyware and disables the firewall, and attempts to get financial information and takes
screen shots of the user's desktop
W32/Netsky-P
spreads primarily through email but also uses file sharing utilities to copy itself. it copies itself to
directories and shared folders, and copies itself to C:\WINDOWS\FVProtect.exe. to make people think
it is apart of some antivirus utility
The Sobig Virus
a virus that used more than one mechanism to spread and infect machines. would copy itself to any
shared drives on your network and would email itself out to everyone in your address book. it didn't
delete or damage any files, but just bogged down the networks that infected it.
The Mimail Virus
virus that collected emails from your address book and from other documents on your machine, it
had its own built-in email engine so it didn't have to piggy back off your email client
The Bagle Virus
a virus sent by email that claimed to be from the systems administrator and an attachment should be
opened to get instructions. spread by email and copying itself to shared folders, also scanned files on
PC looking for email addresses, and disable processes used by the antivirus scanner.
A Nonvirus Virus
, rather than writing a virus, a hacker sends an email to all the addresses they have. the email claims to
be from a well-known antivirus center and warns of a new virus circulating. the file is not a virus but
part of a computer's system. it encourages the user to delete actual files they need for their system
Flame
virus targeting windows operating systems that was designed by the US government for espionage,
was discovered in 2012 by Iranian government sites. it is a spyware that can monitor network traffic
and take screen shots of the infected systems.
Rules for avoiding viruses
user a virus scanner, if you are not sure about an attachment, don't open it, exchange a code word at
the end of a document to know it is specific from the person, and do not believe any security alerts
that are sent to you
Trojan Horse
a program that looks benign but actually has a malicious purpose it might, download harmful
software from a website, install a key logger or spyware, delete files, or open a back door for a hacker
to use
eLiTeWrap
online tool to create a trojan horse, that can combine two programs and make one hidden and one
not.
The Buffer-Overflow Attack
happens when someone tries to put more data in a buffer than it was designed to hold. when too
much information is placed into a buffer, that information is then either truncated or rejected. a
programmer can write a program that purposefully writes more into the buffer than it can hold .. this
vulnerability only exists if the programmers fail to program effectively
The Sasser Virus/ Buffer Overflow
a combination attack that the virus (or worm) spreads by exploiting a buffer overrun. the sasser virus
spreads by copying itself to the windows directory and creates a registry key to load itself at startup.
so every time the machine restarts it will start the virus. when flaws are found in the system, the
worm will start overflowing the buffer by a file in the windows operating system
Spyware
cookie, keylogger, spies on activities on a particular computer
Legal Uses of Spyware
monitor employee use of company technology, parents can monitoring their home computers to see
what their children are doing
How Spyware is Delivered to a Target System
most common method is by trojan horse, or downloaded from a website
rootkit
