Flashcards in Chapter 9 - Malware, Vulnerabilities and Threats Deck (25):
How does Spyware differ from Malware?
Works actively on behalf of a third party. Rather than self-replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it.
What are rootkits?
Software programs that have the ability to hide certain things from the operating system.
What are Trojan Horses?
Programs that enter a system or network under the guise of another program. Could create a backdoor or replace a valid program during installation.
What are Logic Bombs?
Programs or code snippets that execute when a certain predefined event occurs.
What are the two Definitions of Backdoors?
- Originally referred to troubleshooting and developer hooks into systems that often circumvented normal authentication.
- Second refers to gaining access to a network and inserting a program or utility that creates an entrance for an attack.
What are software running on infected computers called zombies often known as?
What is often delivered through a Trojan, takes control of a system, and demands that a third party be paid?
- The "control" can be accomplished by encrypting the hard drive, by changing user password information, or via any number of other creative ways.
What are the different types of Virus classifications?
- Polymorphic
- Stealth
- Retrovirus
- Multipartite
- Armored
- Companion
- Phage
- Macro
What are the different types of viruses?
- Armored
- Polymorphic
- Companion Virus
- Phage
- Macro Virus
- Retrovirus
- Multipartite Virus
- Stealth
What is Spam?
Defined as any unwanted, unsolicited email. Not only can the sheer volume of it be irritating, but it can also often open the door to larger problems.
What are some of the reasons attackers have for initiating an attack?
- They might be doing it for the sheer fun of it.
- They might be criminals attempting to steal from you.
- They might be individuals or groups who are using the attack to make a political statement or commit an act of terrorism.
What are some of the attacks of DoS and DDoS?
- Deny access to information, applications, systems, or communications.
- Bring down a website while the communications and systems continue to operate.
- Crash the operating system.
- Fill the communications channel of a network and prevent access by authorized users.
- Open as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack.
What is a Spoofing Attack?
Is an attack by someone or something to masquerade as someone else, usually an access attack.
What are the most popular spoofing attacks today?
- IP spoofing
- ARP spoofing
- DNS spoofing
What is Spear Phishing?
A unique form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.
What are Replay Attacks?
A kind of access or modification attack. The attacker can capture the information and replay it later.
What types of Password Attacks are there?
How does a Brute-Force Attack occur?
Is an attempt to guess passwords until a successful guess occurs.
What type of attack uses a combination of dictionary entries and brute-force?
What is a Rainbow Table Attack?
Focuses on identifying a stored value by using values in an existing table of hashed phrases or words and comparing them to values found.
What are some questions you should consider when responding to an Attack?
1. How can you show that a break-in really occurred?
2. How can you determine the extent of what was done during the entry?
3. How can you prevent further entry?
4. Whom should you inform in your organization?
5. What should you do next?
What is Transitive Access?
One party (A) trusts another party (B).
If party (B) trusts another party (C), then a relationship may exist whereby the third party (C) is trusted by the first party (A).
What are Client-side Attacks?
Targets vulnerabilities in client applications that interact with a malicious server.
What is the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error?
Typo Squatting and URL Hijacking