Chapter 9: Malware, Vulnerability, and Threats Flashcards Preview


Flashcards in Chapter 9: Malware, Vulnerability, and Threats Deck (32)


Gathers and sends off your information without your consent
-It almost always exists for the purposes of commercial gain



Malware that shows you ads to generate revenue for the creator



Programs that can hide from the operating system
-It can hide anywhere with enough memory in which to reside, even video cards and PCI cards
-The best defense is not to download one!


Viewing Processes in Linux

ps -ef | more
-man will generally give you definitions for the processes you see listed
ps -u root will show you which processes are running as root


Trojan Horses

Enters the system under the guise of a different program
-They can exist on a system for YEARS before they do anything
-A port scan may reveal them
-A trojan is not always a virus, but a virus CAN be a trojan by definition (a companion virus)


Common file extensions associated with viruses

They may also be hidden in PDF documents, zip archives, and Microsoft Office documents due to Office's extensibility and poor security.


Logic Bombs

A program set to attack when a specific event occurs. This can be when a date is reached or when a certain combination of programs is run.



A program that creates an entrance for an attacker
-Back Orifice and NetBus were popular backdoor creators which are now blocked by most antivirus software.



A network of zombie computers used by a bot hoarder to combine processing power to do something malicious, often a DDoS. Windows 10 has established an extremely large botnet run by Microsoft for the purpose of decreasing server load while delivering updates and who knows what else.



Your files get encrypted or a password gets changed and you're asked to pay a ransom (in Bitcoin) to get it back. Cryptolocker is one I used to struggle with fixing on client machines.


Polymorphic Virus

Changes form to avoid detection. Usually encrypts part of its code, decrypts it, then encrypts another part, and so on.


Stealth Virus

Masks itself from applications to avoid detection. Generally hides next to the boot sector.



Attacks or bypasses your antivirus


Multipartite Virus

Maliciously attacks in a plethora of ways


Armored Virus

Difficult to detect, analyze, or rid yourself of.


Companion virus

Attaches itself to legitimate applications and installs itself with a different file extension. Usually hides out in your temp folder. These are included in all files downloaded from sites like CNET, FileHippo, and Softpedia.


Phage Virus

Modifies other programs or databases



Exploits enhancements made to applications, such as spellcheck in Microsoft Word. This is the fastest growing virus right now.


Buffer Overflow Attack

Puts more data in the buffer than it can hold and then overwrites adjacent memory areas.


Spoofing Attack

Pretending to be someone you're not.
-IP spoofing
-ARP spoofing
-DNS spoofing
-MAC spoofing


Pharming Attacks

Traffic intended for one host is sent to another


Spear phishing

Phishing under the guise of someone the victim knows.



Phishing over VoIP


XMas Attack

A Christmas tree packet is a packet with every single option set for whatever protocol is in use.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the 'usual' packets do.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.


Smurf Attacks

An attacker spoofs a valid IP address and sends an ICMP Echo Request to a broadcast address; it is forwarded to all devices on the segment, and every one of them replies, DoSing the network.


Watering Hole Attack

Watering Hole is a computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.


Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.


SQL Injection

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).


LDAP Injection

Same thing as an SQL injection, but with Lightweight Directory Access Protocol


XML Injection

XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of the application.