55 Cards in this Set
- Front
- Back
malware |
1. software that enters a computer's system without the owner's knowledge or consent 2. performs unwanted and usually harmful action |
|
malware objectives |
1. rapidly spread its infection 2. conceal its purpose 3. make profit for its creators |
|
virus |
1. malicious computer code that reproduces on a single computer |
|
methods of spreading a virus |
1. virus appends itself to a file 2. virus changes the beginning of the file (adds jump instruction pointing to the virus) 3. swiss cheese infection (injects portions of code throughout the program's executable code) |
|
virus actions |
1. causing the computer to crash repeatedly 2. displaying an annoying message 3. erasing files from the hdd 4. making copies of itself to consume all space on the hdd 5. turning off security settings 6. reformatting the hdd |
|
virus replication |
only replicates on host computer
|
|
types of viruses |
1. program virus (infects program exe files) 2. macro virus (stored within a user document) |
|
worm |
1. malicious program designed to take advantage of a vulnerability in an application or os 2. searches for another computer with the same vulnerability 3. sends copies of itself over the network |
|
worm actions |
1. consume network resources 2. allows computer to be controlled remotely 3. delete files |
|
how does it spread to other computers |
VIRUS: because viruses are attached to files, they spread by a user transferring those programs to other devices
WORM: worms use a network to travel from one computer to another |
|
how does it infect |
VIRUS: insert their code into a file
WORM: exploit vulnerabilities in applications or os
|
|
does there need to be user action |
virus - yes worm - no |
|
can it be remote controlled |
virus - no worm - yes |
|
types of concealing malware |
1. trojan 2. rootkit 3. backdoor 4. arbitrary code exe |
|
trojan |
1. exe program containing hidden malware code 2. program advertised as performing one activity but usually does something else 3. may be installed on user's system with user's approval 4. typically do not replicate to same pc or another pc |
|
rootkit |
1. set of software tools used by an attacker 2. conceals presence of other malicious software 3. deletes logs 4. changing os to ignore malicious activity |
|
backdoor |
1. software code that gives access to program or service 2. circumvents normal security protections |
|
keylogger |
hardware or software that captures keystrokes; information can be retrieved by an attacker |
|
hardware keylogger |
installed between pc keyboard and usb port |
|
software keylogger |
hides itself from detection by the user |
|
arbitrary code exe |
attacker uses buffer overflow attack to gain control of victim's pc
|
|
buffer |
storage area on a computer that contains (return address) for the pc cpu |
|
buffer flowback attack |
attacker substitutes own return address in the buffer; leads to malware code |
|
remote control attack |
zombie botnet |
|
zombie |
infected robot pc |
|
botnet |
thousands of zombies can remain active for years |
|
bot herder |
attacker controls zombies using http commands |
|
spamming |
a botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam; can harvest email |
|
spreading malware |
botnets can be used to spread malware and create new zombies and botnets; zombies have the ability to download and execute a file sent by the attacker |
|
manipulating online polls |
because each zombie has a unique IP address, each can count as authentic |
|
denying services |
botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests |
|
spyware |
software that spies on the user without the user's consent |
|
spyware actions |
control use of system resources; collect personal info; impact user experience, privacy or system security |
|
automatic download software |
used to download and install software without the user's interaction; can be used to install unauthorized apps |
|
passive tracking technologies |
used to gather info about user activities without installing any software; can collect private info |
|
system modifying software |
modifies or changes user configurations to settings the user did not approve |
|
tracking software |
used to monitor user behavior or gather info about the user; collects info about user; collects personal info |
|
spyware effects on pc |
slows system; creates system instability; add browser toolbars or menu; add shortcuts; hijack homepage; increase popups |
|
adware |
software that delivers advertising content |
|
adware actions |
display popup ads and banners; open browsers at random intervals; may display objectionable content; may interfere with user productivity; may track and monitor user interactions |
|
scareware |
software that displays a fictitious warning; tries to impel users to take action; uses legitimate trademarks or icons; pretends to perform a security scan to find problems; offers purchase of full version to fix problems; victim provides credit card number to attacker |
|
computer defenses a user should implement |
manage patches; install antivirus software; configure personal firewall; using uac; protecting against theft; create data backup; know steps to recover from attack |
|
patch |
software security update intended to cover vulnerabilities discovered after the program was released |
|
service pack |
software package of cumulative security updates and features |
|
configuring options for updates |
install updates automatically; download updates and user chooses whether to install; check for updates and user chooses whether to download and install; never check for updates |
|
antivirus software |
scans a pc hdd for infections; monitors pc security; examines new doc that may contain a virus; works by matching to known virus signatures; should have signatures updated frequently |
|
software based firewall |
designed to prevent malware from entering the pc; examines incoming data from the internet or lan; filters certain content; user controls programs' access to flow of traffic |
|
personal firewall |
protects only the pc on which it is installed; based on programs running on pc |
|
network firewall |
protects all devices connected to the network; provides sophisticated range of filtering mechanisms |
|
recommended personal firewall settings |
turn on firewall for all network locations and connections; block all inbound connections |
|
uac |
indicates privilege level of the user personal configuration settings |
|
three types of user accounts |
standard; administrator; guest |
|
uac |
alerts user to os system events; ask permissions to perform certain tasks; helps to prevent trojan from making unauthorized changes; user with administrator can authorize changes |
|
uac notification settings |
always notify; notify me only when programs try to make changes to my pc; never notify |
|
backup |
back up system periodically; most os have this function built in |