CIT294 Ethical Hacking Chapter 5: Malware Terms
Term | Definition
---|---
backdoor | a program or a set of related programs that a hacker installs on a target system to allow access to the system at a later time.
Trojan | a malicious program disguised as something benign. Trojans are often downloaded along with another program or software package. Can cause data theft and loss, system crashes and slowdowns.
Remote Access Trojans (RATs) | are a class of backdoors used to enable remote control. They behave like an executable file and always have a client and a server file.
overt channel | is the normal and legitimate way that programs communicate within a computer system or network.
covert channel | uses programs or communication paths in ways that were not intended. Trojans use covert channels to communicate undetected!
Remote Access Trojans (RATs) | used to gain remote access to a system
Data-Sending Trojans | used to find data on a system and deliver data to a hacker
Destructive Trojans | used to delete or corrupt files on a system
Denial of Service Trojans | used to launch a denial of service attack
Proxy Trojans | used to tunnel traffic or launch hacking attacks via another system
FTP Trojans | used to create an FTP server in order to copy files onto a system
Security software disabler Trojans | used to stop antivirus software
NetCat | is a trojan that uses a command line interface to open TCP or UDP ports on a target. A hacker can then telnet to those open ports and gain shell access to the target system. Must run on both a client and a server.
Wrappers | software packages that can be used to deliver a Trojan. A wrapper binds a legitimate file to the Trojan file as a single executable, and the Trojan is installed when the program is run.
Windows File Protection (WFP) | prevents the replacement of protected files that include SYS, DLL, OCX, TTF, or EXE files. This ensures that only Microsoft-verified files are used to replace system files.
sigverif | Windows tool that checks to see what files Microsoft has digitally signed on a system. To run, click Start > Run, type in sigverif, and click Start.
System File Checker | command line tool that can be used to check whether a Trojan program has replaced files. If SFC detects that a file has been overwritten, it retrieves a known good file from the Windows\system32\dllcache folder and overwrites the unverified file.
virus | infects another executable and uses this carrier program to spread itself. The virus code is injected into the previously benign program and is spread when the program is run.
worm | is a type of virus, but it’s self-replicating. A worm spreads from system to system automatically, but a virus needs another program in order to spread.
What do viruses infect? | System sectors, Files, Macros (such as Microsoft Word macros), Companion files (supporting system files like DLL and INI files), Disk clusters, Batch files (BAT files), and Source code
Polymorphic viruses | encrypt the code in a different way with each infection.
Stealth viruses | hide the normal virus characteristics.
Fast and slow infectors | evade detection by infecting very quickly or very slowly.
Sparse infectors | infect only a few systems or applications.
Armored viruses | are encrypted to prevent detection.
Multipartite viruses | create multiple infections.
Cavity (space filler) viruses | attach to empty areas of files.
Tunneling viruses | are sent via a different protocol or encrypted.
Camouflage viruses | appear to be another program.
NTFS and Active Directory viruses | attack the NT file system or Active Directory on Windows systems.
virus detection techniques | Scanning, Integrity checking with checksums, Interception based on a virus signature
Created by:
Leisac