A malicious program, Notepad.com, mimics the legitimate one, Notepad.exe, by using a file extension name with precedence. Which of the following best describes the malicious program?
A. Polymorphic virus
B. Multipartite virus
C. Stealth virus
D. Companion virus
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Companion virus.
- The polymorphic virus reflectively modifies its code across systems so that the hash value changes to avoid the detection of antivirus software by comparing signatures. The encrypted virus is one type of polymorphic virus by encrypted its code.
- The multipartite virus infects not only files but also the master boot record (MBR).
- The stealth virus typically attacks the master boot record (MBR) or operating system (OS) files to be booted as early as possible and dominate the whole system, including the operating system, so that it cannot be detected by antivirus software.
- The companion virus uses the same file name but with a various file extension that has a higher priority to be executed if the file extension is not specified in a command-line interface (CLI). It’s a legacy technique used on DOS or old Windows systems that a .com program takes precedence over a .exe executable.
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
一隻惡意程式, Notepad.com, 使用更高優先權的檔案副檔名(file extension)來模仿合法的程式Notepad.exe。 以下哪項最能描述這個惡意程式？
A. 多態性病毒 (Polymorphic virus)
B. 多部分病毒 (Multipartite virus)
C. 隱形病毒 (Stealth virus)
D. 伴侶病毒 (Companion virus)