Trojan Horses (4.3) – Flashcards
question
Trojan Horse ( or Trojan)
answer
A malware program that appears to perform some useful task, but which also does something with negative consequences (e.g., launches a keylogger)
question
Trojan Horse Characteristics
answer
-Often concealed as a utility program that is advertised to make a routine task easier or to give additional functionality.
-Could include such malicious functionality disguised as displaying file folders, a program update, a free download of a game, etc.
question
Trojan Horse Examples
answer
The AIDS Trojan
Duplicate Antivirus software
Back Orifice
Mocmex
question
AIDS Trojan
answer
Claimed to provide useful info about the acquired immune deficiency syndrome. Distributed on a bootable floppy disk; after several boots it would encrypt your hard drive. Then the Trojan Horse would sell you the decryption key for a fee (ransomware).
question
Back Orifice
answer
At first looked like a good way to do remote logins, but once installed it would open a backdoor to steal information.
question
Mocmex (2008)
answer
Distributed through Chinese-made digital photo frames. Once the frame was opened in order to render a picture, it began collecting and transmitting passwords.
question
Computer Worms
answer
A malware program that spreads copies of itself without the need to inject itself in other programs, and usually without human interaction.
question
Morris Worm
answer
Written by Cornell student Robert Tappan Morris and released on November 2, 1988. The worm copied itself onto other computers and did no actual damage, but caused a denial-of-service attack. He was the first person convicted under the 1986 Computer Fraud and Abuse Act.
question
Worm Development
answer
-Identify a vulnerability that is still unpatched.
-Write code for exploitation of the vulnerability, generation of a target list, and installation and execution of the payload.
-Initial deployment on a botnet
-Worm template
-Distributed graph search algorithm
question
Rootkit
answer
A clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.
Modifies the operating system or system utility programs to hide its existence: designed to hide the fact that an OS has been compromised.
question
What can a rootkit do?
answer
• A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it.
• Has the ability to remotely execute files and change system configurations on the host machine.
• Can also access log files and spy on the legitimate computer owner's usage.
question
Rootkit detection and removal
answer
Hard to detect.
Detection often relies on behavioral-based methods (e.g., looking for strange behavior on a computer system), signature scanning, difference scanning, and memory dump analysis.
Removal can be complicated (especially in the kernel).
question
Rootkit Prevention
answer
• Systems need to be current with patches against known vulnerabilities in the OS and applications, and have up-to-date virus definitions.
• Do not open email file attachments or accept files from unknown sources.
• Use static analyzers to scan software.
question
Zero-Day Attacks
answer
Refer to software vulnerabilities that have been found in the wild before security researchers and software developers become aware of the threat.
question
Botnet
answer
-A generic name given to any collection of compromised PCs controlled remotely by an attacker.
-Comes from the words robot and network.
question
"Bots" or "Zombies"
answer
A machine that is controlled externally (commonly as part of a botnet) to perform malicious attacks is often called this.
question
Uses of Botnets
answer
-DDoS attacks (rely on computing power and bandwidth of hundreds or thousands of PCs)
-Spammers use them to send millions of emails
-Cybercriminals use them in large-scale credit-card fraud