Chapter 9 - Malware, Vulnerabilities and Threats

Question 1

How does Spyware differ from Malware?

Answer 1

page 300
Works actively on behalf of a third party. Rather than self replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it.

Question 2

What are rootkits?

Answer 2

page 301

Software programs that have the ability to hide certain things from the operating system.

Question 3

What are Trojan Horses?

Answer 3

page 305
Programs that enter a system or network under the guise of another program. Could create a backdoor or replace a valid program during installation.

Question 4

What are logic Bombs?

Answer 4

page 307

Programs or code snippets that execute when a certain predefined event occurs.

Question 5

What are the two Definitions of Backdoors?

Answer 5

page 308

• Originally referred to troubleshooting and developer hooks into systems that often circumvented normal authentication.
• Second refers to gaining access to a network and inserting a program or utility that creates an entrance for an attack.

Question 6

What are software running on infected computers called zombies often known as?

Answer 6

page 309

Botnet

Question 7

What are often delivered through a Trojan, takes control of a system and demands that a third party be paid?

Answer 7

page 309
Ransomware
- The “control” can be accomplished by encrypting the hard drive, by changing user password information, or via any of number of other creative ways.

Question 8

What are the different types of Virus classifications?

Answer 8

page 310

• Polymorphic - Stealth
• Retrovirus - Multipartite
• Armored - Companion
• Phage - Macro

Question 9

What are the different types of viruses?

Answer 9

page 313

• Armored - Polymorphic
• Companion Virus - Phage
• Macro Virus - Retro virus
• Multipartite Virus - Stealth

Question 10

What is Spam?

Answer 10

page 316
Defined as any unwanted, unsolicited email and not only can the sheer volume of it be irritating, but it can also often open the door to larger problems.

Question 11

What are some of the reasons attackers have for initiating an attack?

Answer 11

page 319

• They might be doing it for sheer fun of it.
• They might be criminals attempting to steal from you
• They might be individuals or groups who are using the attack to make a political statement or commit an act of terrorism

Question 12

What are some of attacks of DoS, DDoS?

Answer 12

page 319

• Deny access to information, applications, systems, or communications.
• Bring down a website while the communications and systems continue to operate.
• Crash the operating system
• Fill the communications channel of a network and prevent access by authorized users.
• Open as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack

Question 13

What is a Spoofing Attack?

Answer 13

page 321

Is an attack by someone or something to masquerade as someone else., usually an access attack.

Question 14

What are the most popular spoofing attacks today?

Answer 14

page 321

• IP spoofing
• ARP Spoofing
• DNS SPoofing

Question 15

What is Spear Phishing?

Answer 15

page 323
A unique form form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.

Question 16

What is Replay Attacks?

Answer 16

page 325

Is a kind of access or modification attack. The attacker can capture the information and replay it later.

Question 17

What types of Password Attacks are there?

Answer 17

page 327
Brute-Force Attack
Dictionary Attack
Hybrid
Birthday Attack
Rainbow Table

Question 18

How does a Brute-Force Attack occur?

Answer 18

page 327

Is an attempt to guess passwords until a successful guess occurs.

Question 19

What type of attack uses a combination of dictionary entries and brute-force?

Answer 19

page 327

Hybrid

Question 20

What is a Rainbow Table Attack?

Answer 20

page 327
Focuses on identifying a stored value. By using values in an existing table of hashed phrases or words and comparing them to values found.

Question 21

What are some questions you should consider when responding to an Attack?

Answer 21

page 328

1. How can you show that a break-in really occurred?
2. How can you determine the extent of what was done during the entry?
3. How can you prevent further entry?
4. Whom should you inform in your organization?
5. What should you do next?

Question 22

What is Transitive Access?

Answer 22

page 332
One party (A) trusts another party (B)
If party (B) trusts another party (C), then a relationship may exist whereby the third party (C) is trusted by the first party (A)

Question 23

What are Client-side Attacks?

Answer 23

page 333

Targets vulnerabilities in client applications that interact with a malicious server.

Question 24

What is the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.

Answer 24

page 333

Typo Squatting and URL Hijacking

Question 25

What is SQL Injection?

Answer 25

page 335
Structured Query Language, AKA SQL Insertion Attack.
An attacker manipulates the database code to take advantage of a weakness in it.
Various types of exploits fall into the following categories:
- Escape characters not filtered correctly
- Type handling not properly done
- Conditional errors
- Time delays