Module 7: Section B Malware
rootkit
Any code that is designed to hide the existence of processes and privileges
___ are a type of standalone malware that masquerades as useful utilities or applications, which victims download and install unaware of their destructive nature.
Trojans
Computer viruses are characterized by their ___________
ability to self-replicate
side-loading
an app from a source other than an official app store is installed on a device
A rootkit _____________.
disabling antivirus software
In the context of malware, a trojan's main purpose is to ________
disguise malware as legitimate software
Malware trojans often contain code that is called a ______, which secretly installs malware
dropper
Antivirus software can detect viruses by looking for signatures or by _______ analysis
heuristic
A virus ___ usually arrives as an email alert that warns against an imminent virus attack
hoax
trojan
is a computer program that seems to perform one function while actually doing something else
computer virus
is a set of self-replicating program instructions that surreptitiously attaches itself to a legitimate executable file on a host device
computer worm
is a small self-replicating, self-distributing program designed to carry out unauthorized activity on a victim's device
Antivirus software
is a type of utility software that looks for and eliminates viruses, trojans, worms, and other malware.
Dropper
is designed to deliver or "drop" malicious code into a device
Code injection
is the process of modifying an executable file or data stream by adding additional commands
Through a process called side-________, an app from a source other than an official app store is installed on a device
loading
The action carried out by malware code is referred to as a(n) ____ or payload
malware exploit
Antivirus software produces what is referred to as a false ___ when a legitimate program is mistakenly identified as a virus
positive
When an antivirus software detects malware, it can try to remove the infection, put the file into ___, or simply delete the file.
quarantine
Malware
refers to any computer program designed to surreptitiously enter a digital device
Modern ___ are used to hide malicious code by replacing parts of the operating system with modified code.
rootkits
Antivirus software is a type of utility software that looks for and eradicates malware by watching for virus ___ or through a(n) ___ analysis that examines the behavior of suspicious files.
signatures; heuristic
Computer worms are usually ___ executable files that can spread themselves from one device to another without any assistance from victims.
standalone
Malware exploit
the action carried out by malware code
What is significant about exclusions in antivirus settings?
they define files and locations that the antivirus software will not scan
What is the purpose of heuristic analysis?
to detect virus-like commands or behaviors
virus hoax
usually arrives as an email message containing dire warnings about a supposedly new virus on the loose
A computer _________ is a set of self-replicating program instructions that surreptitiously attaches itself to a legitimate ____________ file on a host device.
virus; executable
A computer ___ is a self-replicating, self-distributing program designed to carry out unauthorized activity on a victim's device.
worm
A(n) _________ is self-replicating, self-distributing malware
worm
What is the key difference between computer viruses and worms?
worms are standalone executable programs, whereas viruses have to piggyback on to other EXE files