Security + Exam Guide (Charles River Media Networking/Security)

As stated throughout this book, these Test Tips are useful tools that you should skim over just before you take the exam. Use them as a final cram for the exam.

• A virus will replicate itself until it uses up all available system resources such as memory or hard drive space.

• Spyware is a program or piece of software that resides hidden on a system that monitors and logs the systems or another systems activities.

• A worm is a type of virus that can replicate itself. However, worms do not attach to other programs.

• Worms and viruses duplicate themselves, Trojans do not.

• Malware is shorthand for malicious code. It is something that produces unwanted, unexpected results. It is a virus, Trojan horse, or worm.

• System or boot infectors are older viruses that damage system files such as hard drives, the Master Boot Record (MBR), or the boot sector on a floppy disk.

• Variants are new viruses or virus strains that sometimes modify the code of existing well-known viruses.

• Most macro-type viruses are designed to insert numbers, characters, words, or phrases into documents or spreadsheets.

• Viruses that are in the wild exist outside of controller virus research labs. Viruses that exist in these labs are known to be Zoo viruses.

• The actual action that a virus carries out is called the virus’s payload.

• A virus threat or risk rating is a calculated value that represents the possible level of severity or threat of a specific virus.

• Most Trojan horses are hidden in Internet attachments that are often times distributed with e-mail and in the form of jokes, love letters, and misguiding advertisements.

• A logic bomb can be a computer virus or Trojan horse that activates when certain conditions are met.

• Blended threats typically will spread automatically by continuously scanning the Internet for Web servers with open or vulnerable TCP/IP ports. They also plant Trojans and logic bombs, as well as change permissions and utilize internal network mapped drives to spread.

• A virus with stealth characteristics will hide itself and send bogus responses back to an antiviral software package scan, in order to avoid detection.

• A polymorphic virus is a virus that possesses the ability to change its own internal code and byte structure as it is being duplicated.

• The Backdoor.Subseven virus and its known variants—Backdoor.SubSeven.1_7, Backdoor-G, Backdoor.Trojan, and Sub7—are most commonly distributed through e-mail attachments and instant messaging file and program transfers.

• NetBus is a remote administration Trojan horse type program that is similar to Back Orifice and Backdoor.Subseven, which must first be executed on a system by a user in order to be installed.

• ILOVEYOU is a self-propagating worm that is included as an e-mail attachment to an e-mail titled, “ILOVEYOU.”

• The Melissa (W97M.Melissa.A) virus is a macro virus that spreads very quickly when its payload is released or executed.

• The Back Orifice Trojan horse is a program that is similar in nature to NetBus. It allows remote access to a computer system after a server application program has been executed on the remote or targeted computer system.

• The Chernobyl virus, also named W98.CIH or just CIH, is an older space filler virus that targets earlier versions of operating systems such as Microsoft Windows 95 and Windows 98.

• W32.Nimda.A@mm is a mass-mailing worm that targets the weaknesses of vulnerable, unpatched Microsoft IIS (Internet Information Server) Web servers.

• W32.Klez.A@mm is a mass-mailing e-mail worm threat that exploits known weaknesses associated with Microsoft Outlook Express and Microsoft Outlook. (Remember what the “mm” means?)

• If the Guest account is enabled in Microsoft Windows, it can be used to access shared resources without entering a password for authentication. This is a major security risk.

• Root is the name of the administrative user account in UNIX and Linux.