Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISSP ISC2 2023 > Chapter 21: Malicious Code and Application Attacks > Flashcards

Chapter 21: Malicious Code and Application Attacks Flashcards

1
Q

Main difference between virus and worm?

A

Viruses and worms both travel from system to system attempting to deliver their mali- cious payloads to as many machines as possible.

However, viruses require some sort of human intervention, such as sharing a file, network resource, or email message, to propagate.

Worms, on the other hand, seek out vulnerabilities and spread from system to system under their own power, thereby greatly magnifying their reproductive capability, especially in a well‐connected network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Stuxnet

A

Stuxnet uses following techniques:

  • Searching for unprotected administrative shares of system on the local network.
  • Exploiting zero-day vulnerabilities in the Windows server system and Windows print pooler services
  • Connecting to a system using default database password
  • Spreading by using shared infected USB drive

Stuxnet marks two major evolutions in the world of malicious code: the use of worm to cause major physical damage to a facility and the use of malicious code in warfare between nations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Polymorphic Virus

A

Polymorphic viruses actually modify their own code as they
travel from system to system. The virus’s propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system. It is the hope of polymorphic virus creators that this constantly changing signature will render signature-based antivirus packages useless. However, antivirus vendors have “cracked the code” of many polymorphism techniques, so current versions of antivirus software are able to detect known polymorphic viruses. However, it tends to take vendors longer to generate the necessary signature les to stop a polymorphic virus in its tracks, which means the virus can run free on the Internet for a longer time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a malware threat associated with virtualization?

A

The correct answer is: VM Escape

When you host multiple logical servers on a physical host you run the risk of some disadvantages. One of which is malware escaping one virtual machine to infect another VM on the same host.

VM Escape is when malware leaps from VM to VM which can be a nightmare for a busy server with multiple VMs on it.

Securing virtual servers requires the same defense in depth strategy common to non-virtualized systems. Be sure to take threats to servers the same when their both virtual and physical.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Rootkits

A

Rootkits are kernel-level malicious programs which can hide themselves and cover up their own activities from antivirus or investigators and allow attackers to maintain access to the systems.

Rootkits can replace operating system components, act as services, cover event logs and otherwise provide an entry point for the attacker at a later date, basically anything a user or administrator can do to the system with root/admin privileges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the difference between Metamorphic and Polymorphic

A

Metamorphic malware is rewritten with each iteration so that each succeeding version of the code is different from the preceding one. The code changes makes it difficult for signature-based antivirus software programs to recognize that different iterations are the same malicious program.
In spite of the permanent changes to code, each iteration of metamorphic malware functions the same way. The longer the malware stays in a computer, the more iterations it produces and the more sophisticated the iterations are, making it increasingly hard for antivirus applications to detect, quarantine and disinfect.
Polymorphic malware also makes changes to code to avoid detection. It has two parts, but one part remains the same with each iteration, which makes the malware a little easier to identify.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Core cause of XSS

A

XSS also called CSS attacks occur because the web server is compromised or deliberately malicious and hosting malicious scripts. When the user’s browser executes the scripts, the malicious script can use existing cookies, session tokens or other sensitive information stored by the browser.

XSS attacks occur because of unchecked or unvalidated user input into web forms in the form of malicious JavaScript, VBScript, ActiveX, Flash or HTML that is executed on the user’s computer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Packers

A

Packers
Packers provide runtime compression of executables. The original exe is compressed, and a small executable decompresser is prepended to the exe. Upon execution, the decompresser unpacks the compressed executable machine code and runs it.
Packers are a neutral technology that is used to shrink the size of executables. Many types of malware use packers, which can be used to evade signature-based malware detection. A common packer is UPX (Ultimate Packer for eXecutables), available athttp://upx.sourceforge.net/.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Covert Timing Attack

A

Covert timing attacks manipulate system resources to access information obtained by another process.

Key: modify system resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CISSP ISC2 2023 (90 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions