Q: What is malware?
A: Malicious software designed to harm or exploit computer systems.
Q: What are the two main types of infectious malware?
A: Viruses and worms.
Q: What type of malware focuses on concealment?
A: Trojan horses, logic bombs, and rootkits.
Q: Name three types of malware designed for stealing information.
A: Spyware, keyloggers, and screen scrapers.
Q: What malware type is used for profit?
A: Dialers, scareware, and ransomware.
Q: What malware can act as a platform for other attacks?
A: Botnets and backdoors (trapdoors).
Q: What is a Trojan horse?
A: Software that appears to perform a desirable function but secretly performs malicious acts.
Q: How does a Trojan horse typically gain execution?
A: The user is tricked into executing it, expecting normal behavior.
Q: What is a trapdoor or backdoor?
A: A secret entry point into a system that bypasses normal security.
Q: Who commonly uses backdoors?
A: Developers, sometimes for debugging.
Q: What is a logic bomb?
A: Malware embedded in legitimate programs that activates under specific conditions.
Q: Give an example of a logic bomb trigger.
A: A specific date/time, presence of a file, or a particular user.
Q: What was the 1982 Trans-Siberian Pipeline incident?
A: A CIA-planted logic bomb caused a massive explosion in a Soviet pipeline.
Q: What does spyware do?
A: Collects information about users without their knowledge.
Q: What is a keylogger?
A: Spyware that records keystrokes.
Q: What is a screen scraper?
A: Spyware that reads data from a computer display.
Q: What is scareware?
A: Malware that scares victims into compromising their own security (e.g., fake antivirus).
Q: What is ransomware?
A: Malware that holds a system or data hostage until a ransom is paid.
Q: What were early ransomware types called?
A: Cryptoviruses, cryptotrojans, or cryptoworms.
Q: How does ransomware typically work?
A: Encrypts files and demands payment for decryption.
Q: What is a computer virus?
A: Self-replicating code that attaches to a host program and infects other files.
Q: What condition must be met for a virus to spread?
A: The infected code must be executed.
Q: What is a worm?
A: Self-replicating malware that does not require a host program.
Q: How does a worm spread?
A: Propagates a fully working version to other machines over a network.
Q: What are the phases of a worm attack?
A: Probing → Exploitation → Replication → Payload.
Q: What was the Morris Worm?
A: The first major worm, released in November 1988 by Robert Morris.
Q: What two parts did the Morris Worm consist of?
A: A main program to spread and a vector program to infect.
Q: What was Vector 1 of the Morris Worm?
A: Exploiting the debug feature of sendmail.
Q: What was Vector 2 of the Morris Worm?
A: Exploiting a buffer overflow in fingerd using gets().
Q: What was Vector 3 of the Morris Worm?
A: Exploiting trust in remote login (rlogin/rsh) and password cracking.
Q: How did the Morris Worm hide itself?
A: It disguised itself as 'sh' in process lists and hid files.
Q: What bug made the Morris Worm especially damaging?
A: It re-infected hosts with a 1/8 probability even if they were already compromised.
Q: What was Code Red?
A: A worm from July 2001 that infected 360,000 servers in 14 hours.
Q: What vulnerability did Code Red exploit?