Palawan State University

IT 49Assignment 2: Malware
INSTRUCTION:
Submission of this assignment is by email. Use only your own email.
Submission using another email (say your classmates email) is invalid submission and is not
acceptable.
All submission must be in PDF format.
Use filename A2A2 lastname, firstname
o Example: Name: Camille Delos Santosfilename sholud be: A2A2 DelosSantos,
Camille
o A2A2- means Answer to Assignment No. 2.
o Due Date: Midnight of July 26, 2014
So many kinds of malware in the wild! From garden variety worms to hybrid viruses, you've got to watch
out for Trojan horses, spyware, and social engineering -- and don't forget to secure that back door! The
first line of defense is knowledge, understand the enemy and protect yourself. This is an assignment to
find out how much you know about malicious code. Need to find out? Then, do it.

Match the correct term in the left-hand column with its description in the right-hand column.
a) in the wild
b) anti-virus software
c) back door
d) hybrid virus
e) social engineering
f) logic bomb
g) Trojan horse
h) malware
i) data miner
j) denial of service
k) macro virus
l) adware
m) e-mail virus
n) ethical worm
o) executable
p) spyware
q) executable
r) zoo
s) DDoS attack
t) IM worm
u) payload
v) hybrid virus/worm
1. _L__ This is a type of software intended to deliver advertising, but quite
often it tracks user behavior as well.
2.__S__This is an attack in which multiple compromised systems attack a
single target, causing users to be denied normal services.
3. Q This is a type of file containing a program to run its application; viruses
are often transmitted this way.
4.__ F_ This is a type of malware that is activated by some trigger, such as a
specific date.
5. _N_ This is a controversial type of program used to automate security
patching.
6. __T__ This is self-replicating malware that spreads through instant
messaging networks.
7. V This is malicious coding that combines virus' ability to alter program
code with the worm's ability to reside in live memory and to propagate
without any action on the part of the user.
w) password cracker
x) probe
y) ethical worm
z) port scan
8. __C__ This is a means of access to a computer system put in place by either
an authorized person or a cracker.
9._ G__ This is malware that is hidden within apparently harmless code to
take the user by surprise.
10. __E__ This is a non-technical approach to getting unauthorized access,
usually by tricking silly humans into giving up their passwords.
When it comes to security, enterprise systems and networks are not all created equal. When it comes down to it,
they aren't all that different either. Some vulnerabilities are common to them all. This is a part II of Assignment No.
2 to test your knowledge of various vulnerabilities and learn how to defend organizations against them with the
resources we've collected below.
- After reading the question, encircle the letter of your answer that you think is correct. If the answer you've
chosen is correct, you will earn a point score.
1. An intruder might install this on a networked computer to collect user ids and passwords from other machines
on the network.
a. passphrase
b. rootkit
c. ownership tag
d. token
e. pseudonymous profile
2. This type of intrusion relies on the intruder's ability to trick people into breaking normal security procedures.
a. shoulder surfing
b. hijacking
c. brain fingerprinting
d. social engineering
e. war driving
3. The developers of an operating system or vendor application might issue this to prevent intruders from taking
advantage of a weakness in their programming.
a. cookie
b. key fob
c. watermark
d. Antigen
e. patch
4. This is an attack on a computer system that takes advantage of a particular vulnerability that the system offers
to intruders.
a. port scan
b. denial of service
c. exploit
d. logic bomb
e. phreaking
5. This is a program in which harmful code is contained inside apparently harmless programming or data.
a. Snort
b. honeypot
c. blue bomb
d. presence technology
e. Trojan horse
6. This is the modification of personal information on a Web user's computer to gain unauthorized information
with which to obtain access to the user's existing accounts.
a. identity theft
b. cookie poisoning
c. shoulder surfing
d. relative identifier
e. piracy
7. This type of attack may cause additional damage by sending data containing codes designed to trigger specific
actions - for example, changing data or disclosing confidential information.
a. buffer overflow
b. block cipher
c. war dialing
d. distributed denial-of-service attack
e. nuking
8. This is the forging of an e-mail header so that the message appears to have originated from someone or
somewhere other than the actual source.
a. footprinting
b. nonrepudiation
c. e-mail spoofing
d. finger
e. sheep dipping
9. This is a type of network security attack in which the intruder takes control of a communication between two
entities and masquerades as one of them.
a. hijacking
b. identity theft
c. smurf attack
d. tunneling
e. stealth
10. This is a compromised Web site that is being used as an attack launch point in a denial-of-service attack.
a. bastion host
b. packet monkey
c. dongle
d. zombie
e. token