Software Flaws and Malware Quiz

BeneficiaryJubilation

30 Questions

Which type of malware is known for its active propagation?

Worm

What type of malware stays in memory?

Virus

Which type of malware is known for its unexpected functionality?

Trojan horse

Which type of malware is used for unauthorized access?

Trapdoor/backdoor

Which type of malware can exhaust system resources?

Rabbit

Where can viruses live?

Applications, macros, data, etc.

Which virus is considered a prototype for later viruses?

Brain virus (1986)

Which virus caused more annoyance than harm?

Brain virus (1986)

Which virus drew little reaction from users?

Brain virus (1986)

Which type of malware is currently fashionable?

Botnets

Which method of malware detection is effective on 'ordinary' malware, but cannot detect unknown viruses or some advanced types of malware?

Signature detection

What is the purpose of signature detection in malware detection?

To search for known signatures in files

Which method of malware detection can even detect previously unknown malware, but often results in many false alarms (false positives)?

Change detection

What is the main disadvantage of change detection as a method of malware detection?

It may result in a heavy burden on users/administrators

Which method of malware detection involves monitoring the system for anything 'unusual' or 'virus-like', but has no proven track record and requires combination with another method?

Anomaly detection

What is the main advantage of anomaly detection as a method of malware detection?

It can detect unknown malware

What is the purpose of encrypted viruses in evading signature detection?

To make the virus look like random bits

Which method of malware detection relies on hashing files and comparing hash values to detect changes, but may result in false positives and requires combination with other methods?

Change detection

What is the main disadvantage of signature detection as a method of malware detection?

It cannot detect unknown viruses

Which method of malware detection involves searching for known signatures in files to identify the presence of known malware?

Signature detection

Which of the following is a characteristic of a flash worm?

It can infect the entire Internet in less than 15 minutes.

What is the purpose of a botnet?

All of the above

Which botnet was responsible for infecting an estimated 10 million hosts?

Conficker

What is the main difference between a whitelist and a blacklist in malware detection?

Whitelist uses known good code as a reference, while blacklist blocks known bad code.

What is the purpose of encrypting the decryptor code in a virus?

To make it more difficult to detect

What is the main characteristic of a botnet?

It is a network of infected machines controlled by a botmaster.

What is the purpose of anomaly detection in defending against attacks?

To identify patterns of behavior that deviate from normal

What is the main advantage of a flash worm over traditional worms?

It can infect the entire Internet almost instantly.

What is the purpose of a flash worm splitting and replicating?

To maximize the infection rate

What is the estimated time for an ideal flash worm to infect the entire Internet?

15 seconds

Study Notes

Malware Types

  • Worms are a type of malware known for their active propagation.
  • Trojan horses are a type of malware that stays in memory.
  • Logic bombs are a type of malware known for their unexpected functionality.
  • Backdoors are a type of malware used for unauthorized access.
  • Rabbits are a type of malware that can exhaust system resources.

Virus Information

  • Viruses can live in system memory, executable files, boot records, or macro files.
  • The Elk Cloner is considered a prototype for later viruses.
  • The Michelangelo virus caused more annoyance than harm.
  • The Friday the 13th virus drew little reaction from users.

Malware Detection Methods

  • Signature detection is a method of malware detection that involves searching for known signatures in files to identify the presence of known malware.
  • The purpose of signature detection is to identify known malware by comparing code patterns.
  • Encrypted viruses evade signature detection by encrypting their code.
  • Change detection is a method of malware detection that involves monitoring the system for changes, but has no proven track record.
  • Anomaly detection is a method of malware detection that involves monitoring the system for anything 'unusual' or 'virus-like', and can detect unknown malware, but often results in false alarms (false positives).
  • Behavioral detection is a method of malware detection that involves monitoring system behavior and can detect unknown malware.
  • Integrity checking is a method of malware detection that involves hashing files and comparing hash values to detect changes, but may result in false positives.

Botnets and Worms

  • A botnet is a network of compromised computers that can be controlled remotely.
  • The purpose of a botnet is to conduct malicious activities such as DDoS attacks.
  • The Storm botnet was responsible for infecting an estimated 10 million hosts.
  • A flash worm is a type of worm that can rapidly spread and infect systems.
  • The main characteristic of a botnet is a network of compromised computers.
  • The main advantage of a flash worm is its ability to rapidly spread and infect systems.

Malware Defense

  • Anomaly detection is used to defend against attacks by monitoring system behavior.
  • Whitelisting involves only allowing known good programs to run, while blacklisting involves blocking known bad programs.
  • Encrypting the decryptor code in a virus makes it harder to detect.
  • The purpose of anomaly detection is to detect unknown malware.

Test your knowledge on software flaws and malware in this quiz. Learn about the different types of malware and their historical significance, including Fred Cohen's pioneering work in the 1980s. Perfect for students studying information security and computer science.
