Section 19.5. Key Terms, Review Questions, and Problems | Cryptography and Network Security (4th Edition)

[Page 620]

19.5. Key Terms, Review Questions, and Problems

Key Terms

auto-rooter
backdoor
digital immune system
direct DDoS attack
distributed denial of service (DDoS)
downloaders
e-mail virus
exploits
flooder
keylogger
kit
logic bomb
macro virus
malicious software (malware)
polymorphic virus
reflector DDoS attack
rootkit
spammer program
stealth virus
trapdoor
trojan horse
virus
worm
zombie

Review Questions

19.1	What is the role of compression in the operation of a virus?
19.2	What is the role of encryption in the operation of a virus?
19.3	What are typical phases of operation of a virus or worm?
19.4	In general terms, how does a worm propagate?
19.5	What is a digital immune system?
19.6	How does behavior-blocking software work?
19.7	What is a DDoS?

Problems

19.1

There is a flaw in the virus program of Figure 19.1. What is it?

19.2

The question arises as to whether it is possible to develop a program that can analyze a piece of software to determine if it is a virus. Consider that we have a program D that is supposed to be able to do that. That is, for any program P, if we run D(P), the result returned is TRUE (P is a virus) or FALSE (P is not a virus). Now consider the following program:

Program CV :=   { . . .   main-program :=         {if D(CV) then goto next:                else infect-executable;         } next:   }

In the preceding program, infect-executable is a module that scans memory for executable programs and replicates itself in those programs. Determine if D can correctly decide whether CV is a virus.