Flashcards in Chapter 9 - Malware, Vulnerabilities, & Threats Deck (27)
How is spyware different from other malware?
9 - 300
because it works on behalf of a third party
What is a rootkit?
9 - 301
software program that has the ability to hide certain things from the operating system
what is a trojan horse?
9 - 305
programs that enter a system or network under the guise of another program
what file extension belongs in both columns of allowed and not allowed for email attachments?
9 - 307
what is a logic bomb?
9 - 307
programs or code snippets that execute when a certain predefined event occurs
what is a backdoor attack?
9 - 308
2 different meanings
1. troubleshooting and developer hooks into systems that often circumvented normal authentication
2. gaining access to a network and inserting a program or utility that creates an entrance for an attacker
what is a botnet?
9 - 309
software running on infected computers called zombies, under the control of a bot herder
what is ransomware?
9 - 309
software delivered through a trojean takes control of a system and demands that a third party be paid
tell me the 8 kinds of viruses
9 - 310
polymorphic - change form to avoid detection
stealth - masking themselves from applications
retrovirus - attack or bypass the antivirus software database
multipartite - attack system in multiple ways
armored - difficult to detect or analyze
companion - also known as a trojan, attach to program and create program with a different filename extension
phage - modify and alter programs or databases
macro - exploits the enhancements made to application programs
what does it mean to use the "layered approach" with antivirus software?
9 - 317
it means you put the antivirus software at the gateways, the servers, and at the dekstop
two of the most common types of DoS attacks are what?
9 - 319
ping of death - send ICMP packets that are larger than the system can handle
buffer overflow - put more data into the buffer than it can hold
DDoS uses one computer to target multiple or multiple computers to target one ?
9 - 321
multiple computers to target one computer
what is spear phishing?
9 - 323
unique form of phishing in which the message is made to look as if it came from someone you know
is a man in the middle attack an active or passive attack?
what's another name for this kind of attack?
9 - 324
what is a smurf attack?
9 - 326
spoofing the target machine's IP address and broadcasting to that machine's routers so that the routers think the target is sending out the broadcast. target system becomes overloaded.
tell me the 5 kinds of password attacks
9 - 327
brute force - guess until you get it right
dictionary - use common words to guess password
hybrid - combines dictionary with brute force
birthday - if your key is hashed, given enough time, another value can be created that will give the same hash value
rainbow table - identifying a stored value
what is privilege escalation?
9 - 328
user gaining more privileges than they should have because you forgot to remove the backdoor
malicious insider threat?
9 - 332
someone on the inside who sells you out
9 - 333
targets vulnerabilities in client applications that interact with a malicious server
typo squatting is the same as what?
9 - 333
what is the strategy of watering hole attack?
9 - 334
to identify a site that is visited by those they are targeting, and poison that site
tell me about Cross-Site Request Forgery
9 - 335
XSRF, session riding, one click attack, all the same thing
unauthorized commands coming from a trusted user to the website
what is a directory traversal attack?
9 - 337
when attacker gains access to restricted directories through HTTP
should you or should you not allow ActiveX without prompting you?
9 - 340
don't allow it without a prompt
what's the difference between risk, threat, and vulnerability?
9 - 344,345
risk - what is the likelihood of an attack being successful?
threat - what are the dangers associated with the risk
vulnerabilites? - where is the system weak?
9 - 322
associates IP addresses with a domain