Chapter 9: Malware, Vulnerabilities and Threats

Question 1

Spyware

Answer 1

• Monitors user activity and reports it to another party

- Does not replicate

Question 2

Rootkits

Answer 2

Software programs that have the ability to hide certain things from the OS

Question 3

Command to display running processes in Linux

Answer 3

ps -ef | more

Question 4

Common file extensions that should not be allowed in your network

Answer 4

.bat
.com
.exe
.hlp
.pif
.scr

Question 5

Logic Bombs

Answer 5

Programs or code snippets that execute when a certain predefined event occurs.

Question 6

Botnet

Answer 6

Malicious software running on a zombie and under the control of a bot-herder

Question 7

Ransomware

Answer 7

Software takes control of a system and demands that a third party be paid.

Question 8

3 Ways a Virus can enter your computer

Answer 8

1) Contaminated media (DVD, USB, CD)
2) Email or social networking sites
3) As part of another program

Question 9

Retrovirus

Answer 9

Attak or bypass the antivirus software installed on a computer

Question 10

Multipartite virus

Answer 10

Attacks your system in multiple ways

Question 11

Armored Virus

Answer 11

Difficult to detect or analyze

Question 12

Companion Virus

Answer 12

Attaches itself to legitimate programs and then creates a program with a different filename extension.

Question 13

Phage

Answer 13

Modifies and alters other programs and databases.

Question 14

Macro

Answer 14

Exploits the enhancements made to many application programs

Question 15

SPIM and SPIT

Answer 15

Spam over instant messaging, and spam over Internet telephony.

Question 16

Ping of Death

Answer 16

Crashes the system by sending ICMP packets that are larger than the system can handle.

Question 17

Pharming

Answer 17

Traffic intended for one host is sent to another, with the intent of pretty much phishing

Question 18

Spear Phishing

Answer 18

Form of phishing in which the message is made to look as if it came from someone you know and trust

Question 19

Vishing

Answer 19

Phishing over the phone

Question 20

Xmas Attack

Answer 20

An advanced scan that tries to get around firewall detection and look for open ports

Question 21

Replay Attack

Answer 21

The attacker captures information and replays it

Question 22

Smurf Attack

Answer 22

Spoofing the target machine’s IP address and broadcasting to that machine’s routers so that the routers think the target is sending out the broadcast. All machines try to respond and the target machine overloads

Question 23

How to stop a smurf attack?

Answer 23

Prohibit ICMP packets from passing through your router.

Question 24

Dictionary Attack

Answer 24

Uses a dictionary of common words to attempt to find a user’s password

Question 25

Birthday Attack

Answer 25

Tries to find another value to be hashed and give the same result.

Question 26

Client-Side Attack

Answer 26

One that targets vulnerabilities in client applications that interact with a malicious server.

Question 27

Typo Squatting and URL Hijacking

Answer 27

Registering domains that are similar to those for a known entity

Question 28

Watering Hole Attack

Answer 28

Identify a site visited by the target, poison that site, and wait for results.

Question 29

Cross-Site Scripting (XSS)

Answer 29

Using a client-side scripting language to trick a user who visits a site into having code execute locally

Question 30

Cross-Site Request Forgery (XSRF)

Answer 30

Unauthorized commands coming from a trusted user to the website, often without the user's knowledge

Question 31

SQL Injection Attack

Answer 31

Entering SQL code into a field and submitting it so that it executes

Question 32

LDAP Injection Attack

Answer 32

Could allow access to directories and shit when it shouldn't

Question 33

XML Injection Attack

Answer 33

Can return entire documents

Question 34

Directory Traversal Attack

Answer 34

An attacker is able to gain access to restricted directories through HTTP

Question 35

Command Injection Attack

Answer 35

Injecting commands to carry out a directory traversal attack

Question 36

Evercookie

Answer 36

A cookie that writes data to multiple locations, making it hard to remove completely

Question 37

Locally Stored Object/Flash Cookie

Answer 37

Data stored on a user's computer by Adobe Flash

Question 38

Session Hijacking

Answer 38

When the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with the host

Question 39

Header Manipulation

Answer 39

Uses other methods to change values in HTTP headers and falsify access. InPrivate Filtering helps prevent

Question 40

Arbitrary Code Execution

Answer 40

Allowing a program to remotely accept commands and execute them

Question 41

Banner Grabbing

Answer 41

Looks at the banner or header information messages sent with data to find out about systems

Question 42

Architectural Approach

Answer 42

Involves using a control framework to focus on the foundational infrastructure

Question 43

Design Review

Answer 43

Examines the ports and protocols used, the rules, segmentation and access control.