Chapter 9 Flashcards
Software Exploitation
Attacks launched against applications and higher-level services. Includes gaining access to data using weaknesses
300
Rootkits
Software programs that have the ability to hide certain things from the operating system. Not all of the processes may show up in Task Manager
301
Bad extensions to download in an email
.bat .com .exe .hlp .pif .scr
Ransomware
Takes control of the system and demands that a third party be paid. Often gains control via encrypting the hard drive or changing passwords
309
Botnet
Malicious software running on a zombie computer. Generally runs in the background of your computer with no visible evidence of its presence
309
Means of spreading Viruses
- On contaminated media (DVD, USB)
- Through email and social networking sites
- As part of another program
310
Polymorphic Virus
Change their form to avoid detection
310
Stealth Virus
Avoid detection by masking themselves from applications. They usually hide at the end of a boot section
310
Retroviruses
Attack or bypass the antivirus software installed on a computer
310
Multipartite Virus
Attack your system in multiple ways
310
Armored Virus
Designed to make itself difficult to detect or analyze
310
Companion Virus
Attaches itself to legitimate programs and then creates a program with a different filename extension
310
Phage Virus
Modifies and alters programs in databases
310
Macro Virus
Exploits enhancements made to many application programs, which are used by programmers to expand the capability of applications
310
Common Symptoms of Viruses
- Programs take longer to load
- Unusual files appear on your hard drive
- Program sizes change
- Software exhibits unusual characteristics
- System mysteriously shuts down or unexpected disk activity
- Suddenly can access disk drive or other system resources
- System will not reboot or gives unexpected error messages during startup
311
SPIM
SPAM over instant messaging
316
SPIT
SPAM over Internet Telephony
316
Places to use antivirus software in a layered approach
Gateways, servers, and at the desktop
317
XMAS Attack
AKA Christmas tree attack.
Uses Nmap to scan for open ports using three flags (FIN, PSH, and URG)
324
Birthday Attack
If a key is hashed, the possibility that, given enough time, another value can be created with the same hash value
327
Dictionary Attack
Uses a dictionary of common words to try to guess passwords. Usually automated
327
Rainbow Table Attack
Focuses on identifying a stored value by using values in the existing table of hashed phrases or words. Once it creates hashes, it compares them against encrypted values and continues until it breaks encryption
327
Privilege Escalation
A user gaining more privileges than he/she should have. With the escalated permissions the user can perform tasks that he/she should not be allowed to do.
328
Client side attack
Targets vulnerabilities in client applications that interact with a malicious server. A user accesses the trusted site and unwittingly downloads the rogue code, which allows the attacker to install and execute malware
333
Malicious Insider Threat
When a disgruntled employee sells company information
332
Typo Squatting
AKA URL Hijacking
Registering domains that are similar to those of a known entity but based on a misspelling or typographical error.
333
Watering Hole Attack
An attacker infects a common site and lets the users infect themselves
334
Cross-Site Scripting
Using a client-side scripting language an attacker can trick a user who visits a site into having code execute locally
334
XSRF
Cross-Site Request Forgery
Unauthorized commands coming from a trusted user to the website.
335