CIT294 Chapter 5

CIT294 Ethical Hacking Chapter 5: Malware Terms

| Question | Answer |
| --- | --- |
| backdoor | a program or a set of related programs that a hacker installs on a target system to allow access to the system at a later time. |
| Trojan | a malicious program disguised as something benign. Trojans are often downloaded along with another program or software package. Can cause data theft and loss, system crashes and slowdowns. |
| Remote Access Trojans (RATs) | are a class of backdoors used to enable remote control. They behave like an executable file and always have a client and a server file. |
| overt channel | is the normal and legitimate way that programs communicate within a computer system or network. |
| covert channel | uses programs or communication paths in ways that were not intended. Trojans use covert channels to communicate undetected! |
| Remote Access Trojans (RATs) | used to gain remote access to a system |
| Data-Sending Trojans | used to find data on a system and deliver data to a hacker |
| Destructive Trojans | used to delete or corrupt files on a system |
| Denial of Service Trojans | used to launch a denial of service attack |
| Proxy Trojans | used to tunnel traffic or launch hacking attacks via another system |
| FTP Trojans | used to create an FTP server in order to copy files onto a system |
| Security software disabler Trojans | used to stop antivirus software |
| NetCat | is a trojan that uses a command line interface to open TCP or UDP ports on a target. Hacker can then telnet to those open ports and gain shell access to the target system. Must run on both a client and a server. |
| Wrappers | software packages that can be used to deliver a Trojan. A wrapper binds a legitimate file to the Trojan file as a single executable, and the Trojan is installed when the program is run. |
| Windows File Protection (WFP) | prevents the replacement of protected files that include SYS, DLL, OCX, TTF, or EXE files. This ensures that only Microsoft-verified files are used to replace system files. |
| sigverif | Windows tool that checks to see what files Microsoft has digitally signed on a system. To run, click Start, then Run, type in sigverif, and click Start. |
| System File Checker | command line tool that can be used to check whether a Trojan program has replaced files. If SFC detects that a file has been overwritten, it retrieves a known good file from the Windows\system32\dllcache folder and overwrites the unverified file. |
| virus | infects another executable and uses this carrier program to spread itself. The virus code is injected into the previously benign program and is spread when the program is run. |
| worm | is a type of virus, but it’s self-replicating. A worm spreads from system to system automatically, but a virus needs another program in order to spread. |
| What do viruses infect? | System sectors, Files, Macros (such as Microsoft Word macros), Companion files (supporting system files like DLL and INI files), Disk clusters, Batch files (BAT files), and Source code |
| Polymorphic viruses | encrypt the code in a different way with each infection. |
| Stealth viruses | hide the normal virus characteristics. |
| Fast and slow infectors | evade detection by infecting very quickly or very slowly. |
| Sparse infectors | infect only a few systems or applications. |
| Armored viruses | are encrypted to prevent detection. |
| Multipartite viruses | create multiple infections. |
| Cavity (space filler) viruses | attach to empty areas of files. |
| Tunneling viruses | are sent via a different protocol or encrypted. |
| Camouflage viruses | appear to be another program. |
| NTFS and Active Directory viruses | attack the NT file system or Active Directory on Windows systems. |
| virus detection techniques | Scanning, Integrity checking with checksums, Interception based on a virus signature |
Created by: Leisac