BOOK: Ch 6, 7, 10 Flashcards

1
Q

Malware propagation mechanisms include those used by…(3)

A

viruses, worms and Trojans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

______ include system corruption, bots, phishing, spyware, and rootkits.

A

Payloads

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Virus Dormant Phase

A

The Virus is Idle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Virus Propagation Phase

A

The virus places a copy of itself into other programs orinto certain system areas on the disk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Virus Triggering Phase

A

The virus is activated to perform the function for which it was intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Virus Execution Phase

A

The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction ofprograms and data files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Infects files with macro or scripting code that is interpreted by an application.

A

Macro Virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Infects files that the operating system or shell consider to be executable.

A

File Infector Virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An attack, that exploits social engineering to leverage user’s trust by masquerading as communications from a trusted source

A

Phishing Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The recipients are carefully researched by the attacker, and each e-mail is carefully crafted to suit its recipient specifically, often quoting a range of information to convince them of its authenticity.

A

Spear-Phishing Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Is a set of programs installed on a system to maintain covert access to thatsystem with administrator (or root) privileges, while hiding evidence of its presenceto the greatest extent possible.

A

Rootkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An attempt to compromise availabilityby hindering or blocking completely the provision of some service.

A

Denial-of-service (DoS) attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

DDoS Flooding attack targets…(3)

A

Network BW, System resources, Application resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The ICMP echo responsepackets generated in response to a ping flood using randomly spoofed source addresses is a good example.

A

Backscatter Traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

This attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

A

DoS attach, SYN Spoofing Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The attacker sends packets to a known service on the intermediary with a spoofed source addressof the actual target system. When the intermediary responds, the response is sent tothe target.

A

Reflection attack

17
Q

Involve sending apacket with a spoofed source address for the target system to intermediaries. Theydiffer in generating multiple response packets for each original packet sent. This canbe achieved by directing the original request to the broadcast address for some network.

A

Amplification Attacks

18
Q

A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwritingother information. Attackers exploit such a condition to crash a system or to insert speciallycrafted code that allows them to gain control of the system.

A

Buffer Overflow

19
Q

Instead of the sequence of letters used as padding in the example above, binary values corresponding to the desired machine instructions were used.

A

Shellcode

20
Q

Aim to prevent or detect buffer overflows by instrumenting programs when they are compiled.

A

Compile-Time Defenses

21
Q

Can be deployed as operating systems updates to provide some protection for existing vulnerableprograms. These defenses involve changes to the memory management of the virtualaddress space of processes.

A

Run-Time Defenses

22
Q

Most commonlythe address of a standard library function is chosen, such as the system() function. The attacker specifies an overflow that fills the buffer, replaces the savedframe pointer with a suitable address, replaces the return address with the address of the desired library function, writes a placeholder value that the library function will believe is a return address, and then writes the values of one (or more) parameters to this library function.

A

Return-to-system-call Attack

23
Q

If the allocated space includes a pointer to afunction, which the code then subsequently calls, an attacker can arrange for this address to be modified to point to shellcode in the overwritten buffer.

A

Heap Buffer Overflow