Appendix A: Answers to Review Questions
Chapter 8: Trojans, Viruses, Worms, and Covert Channels
- C. Malware covers all types of malicious software, including viruses, worms, Trojans, spyware, adware, and other similar items.
- C. Unlike a worm, a virus requires that a user interact with it or initiate replication in some manner.
- D. Typically a virus does not display pop-ups. That is a characteristic of adware.
- B. A worm replicates without user interaction.
- A. Worms are typically known for extremely rapid replication rates once they are released into the wild.
- A. Netstat -a or -an lists ports on a system that are listening in Windows.
- B. TCPView lists ports and what their statuses are in real time.
- D. TCPTROJAN is not a Trojan. However, all the other utilities on this list are different forms of Trojans.
- B. Hardware keyloggers are not difficult to install on a target system.
- C. Netcat can do port redirection.
- C. A Trojan relies on social engineering to entice the victim to open or activate the payload.
- A. A remote access Trojan (RAT) is a common payload to include in a Trojan.
- C. A covert channel is a backdoor or unintended vulnerability on a system that may or may not be created through the use of a Trojan.
- A. An overt channel is a mechanism on a system or process that is typically put in place by design and intended to be used in a specific way.
- C. A software development kit (SDK) is used to develop software but not to detect a covert channel.
- D. Typically a RAT is not used to sniff traffic, but it may be used to install software to perform this function.
- B. A logic bomb comes in two parts: a trigger and a payload. The payload stays dormant until the trigger wakes it up.
- A, C, D. A logic bomb may be activated by any of these options except the presence of a vulnerability.