Save
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CIT294 Chapter 5

CIT294 Ethical Hacking Chapter 5: Malware Terms

QuestionAnswer
backdoor a program or a set of related programs that a hacker installs on a target system to allow access to the system at a later time.
Trojan a malicious program disguised as something benign. Trojans are often downloaded along with another program or software package. Can cause data theft and loss, system crashes and slowdowns.
Remote Access Trojans (RATs) are class of backdoors used to enable remote control. Behaves like executable file and always have a client and server file.
overt channel is the normal and a legitimate way that programs communicate within a computer system or network.
covert channel uses programs or communications paths in ways that were not intended. Trojans use covert channels to communicate undetected!
Remote Access Trojans (RATs) used to gain remote access to a system
Data-Sending Trojans used to find data on a system and deliver data to a hacker
Destructive Trojans used to delete or corrupt files on a system
Denial of Service Trojans used to launch a denial or service attack
Proxy Trojans used to tunnel traffic or launch hacking attacks via other system
FTP Trojans used to create an FTP server in order to copy files onto a system
Security software disabler Trojans used to stop antivirus software
NetCat is a trojan that uses a command line interface to open TCP or UDP ports on a target. Hacker can then telnet to those open ports and gain shell access to the target system. Must run on both a client and a server.
Wrappers software packages that can be used to deliver a Trojan. It binds a legitimate file to the Trojan file as a single executable and is installed when the program is run.
Windows File Protection (WFP) prevents the replacement of protected files that include SYS, DLL, OCX, TTF, or EXE files. This ensures that only Microsoft-verified files are used to replace system files.
sigverif Windows tool that checks to see what files Microsoft has digitally signed on a system. To run, click Start Run and type in sigverif and click start.
System File Checker command line tool that can be used to check whether a Trojan program has replaced files. If SFC detects that file has been overwritten, it retrieve a known good file from Windows\system32\dllcache folder and overwrites the unverified file.
virus infects another executable and uses this carrier program to spread itself. The virus code is injected into the previously benign program and is spread when the program is run.
worm is a type of virus, but it’s self-replicating. A worm spreads from system to system automatically, but a virus needs another program in order to spread.
What do viruses infect? System sectors, Files, Macros (such as Microsoft Word macros), Companion files (supporting system files like DLL and INI files), Disk clusters, Batch files (BAT files), and Source code
Polymorphic viruses encrypt the code in a different way with each infection.
Stealth viruses hide the normal virus characteristics.
Fast and slow infectors evade detection by infecting very quickly or very slowly.
Sparse infectors infect only a few systems or applications.
Armored viruses are encrypted to prevent detection.
Multipartite viruses create multiple infections.
Cavity (space filler) viruses attach to empty areas of files.
Tunneling viruses are sent via a different protocol or encrypted.
Camouflage viruses appear to be another program.
NTFS and Active Directory viruses attack the NT file system or Active Directory on Windows systems.
virus detection techniques Scanning, Integrity checking with checksums, Interception based on a virus signature
Created by: Leisac
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards