Chapter 2 Key Terms

Question 1

Malware

Answer 1

Software designed to take over or damage a computer without the user’s knowledge or approval.

Question 2

Virus

Answer 2

A program that attempts to damage a computer system and replicate itself to other computer systems.

Question 3

Worm

Answer 3

A self-replicating malware program.

Question 4

Trojan horse

Answer 4

A malicious program that is disguised as legitimate or desirable software.

Question 5

Zombie

Answer 5

A computer that is infected with malware and is controlled by a command and control center called a zombie master.

Question 6

Botnet

Answer 6

A group of zombie computers that are commanded from a central control infrastructure.

Question 7

Rootkit

Answer 7

A set of programs that allows attackers to maintain hidden, administrator-level access to a computer.

Question 8

Logic bomb

Answer 8

Malware designed to execute only under predefined conditions. It is dormant until the predefined condition is met.

Question 9

Spyware

Answer 9

Software installed without the user’s consent or knowledge and is designed to intercept or take partial control of the user’s computer.

Question 10

Adware

Answer 10

Malware that monitors a user’s personal preferences and sends pop-up ads that match those preferences.

Question 11

Ransomware

Answer 11

Malware that denies access to a computer system until the user pays a ransom.

Question 12

Scareware

Answer 12

A scam to fool a user into thinking there is some form of malware on the system.

Question 13

Crimeware

Answer 13

Malware designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers.

Question 14

Crypto-malware

Answer 14

Malicious software that uses a computer’s resources to mine cryptocurrencies in the background undetected. Also known as cryptojacking.

Question 15

Remote Access Trojan (RAT)

Answer 15

Malware that includes a back door to allow a hacker administrative control over the target computer.

Question 16

Hacker

Answer 16

A person who commits crimes through gaining unauthorized access to computer systems.

Question 17

Cracker

Answer 17

A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures.

Question 18

Script Kiddy

Answer 18

A less-skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses.

Question 19

Potentially unwanted Program (PUP)

Answer 19

A PUP is a software inadvertently installed that contains adware, installs toolbars, or has other objectives.

Question 20

Fileless virus

Answer 20

A fileless virus uses legitimate programs to infect a computer.

Question 21

Targeted Attack

Answer 21

A type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity.

Question 22

Opportunistic Attack

Answer 22

An attack in which the threat actor is almost always trying to make money as fact as possible and with minimal effort.

Question 23

Insider

Answer 23

A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.

Question 24

Competitor

Answer 24

A threat agent who carries out attacks on behalf of an organization and targets competing companies.

Question 25

Cybercriminal

Answer 25

A subcategory of hacker threat agents. Cybercriminals are willing to take more risks and use more extreme tactics for financial gain.

Question 26

Nation state

Answer 26

A sovereign state threat that may wage an all-out war on a target and have significant resources for the attack.

Question 27

Internal Threat

Answer 27

A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.

Question 28

External Threat

Answer 28

A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.

Question 29

Persistent Threat

Answer 29

A threat that seeks to gain access to a network and remain there undetected.

Question 30

Non-Persistent threat

Answer 30

A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.

Question 31

Open-source intelligence (OSINT)

Answer 31

Information that is readily available to the public and doesn’t require any type of malicious activity to obtain.

Question 32

White hat

Answer 32

A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.

Question 33

Black hat

Answer 33

A skilled hacker who uses skills and knowledge for illegal or malicious purposes.

Question 34

Gray hat

Answer 34

A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn’t malicious like a black hat hacker.

Question 35

Social Engineering

Answer 35

an attack involving human interaction to obtain information or access.

Question 36

Footprinting

Answer 36

uses social engineering to obtain as much information as possible about an organization.

Question 37

Pretexting

Answer 37

Pretexting is a fictitious scenario to persuade someone to perform an action or give information.

Question 38

Elicitation

Answer 38

a technique to extract information from a target without arousing suspicion.

Question 39

Preloading

Answer 39

influencing a target’s thoughts, options, and emotions before something happens.

Question 40

SMiShing

Answer 40

(SMS Phishing) is doing phishing through an SMS message. In other words, tricking a user to download a virus, Trojan horse, or malware onto a cell phone.

Question 41

Impersonation

Answer 41

pretending to be somebody else and approaching a target to extract information.

Question 42

SPIM

Answer 42

SPIM is similar to spam, but the malicious link is sent to the target over instant messaging instead of email.

Question 43

Hoax

Answer 43

type of malicious email with some type of urgent or alarming message to deceive the target.

Question 44

Hacktivist

Answer 44

a hacker with a political motive.

Question 45

Script Kiddie

Answer 45

A less-skilled (usually younger) hacker that often relies on automated tools or scripts written by crackers to scan systems at random to find and exploit weaknesses.

Question 46

White hat hacker

Answer 46

is a professional who helps companies find the vulnerabilities in their security. Also known as an ethical hacker.

Question 47

Cybercriminal

Answer 47

A person (or team of individuals) who use technology to steal sensitive information for a profit. Cybercriminals are often associated with large organized crime syndicates such as the mafia.

Question 48

Zero-day vulnerability

Answer 48

Zero-day is a software vulnerability that is unknown to the vendor.

Question 49

Data loss

Answer 49

The loss of files and documents either accidentally or through malicious acts.

Question 50

Data breach

Answer 50

The exposure of confidential or protected data, either accidentally or through malicious acts.

Question 51

Data exfiltration

Answer 51

The unauthorized transfer of information or files from a computer.

Question 52

Identity Theft

Answer 52

A crime in which an attacker commits fraud by using someone else’s name or existing accounts to obtain money or to purchase items.

Question 53

Availability Loss

Answer 53

Loss of access to computer resources due to the network being overwhelmed or crashing.