Chapter 9 Malware, Vulnerabilities and Threats Flashcards
Software exploitation
pg.299
Attacks launched against applications and higher-level services. They include gaining access to data using weaknesses in the data access objects of a database or a flaw in a service or application
Spyware
pg.299
Differs from other malware in that it works, often actively, on behalf of a third party. Monitors the user's activity and reports it to another party without informing the user
Adware
pg.301
If the primary purpose of the malware application is to deliver ads, it is classified as adware. It can have the same qualities as spyware, but its primary purpose is to display ads and generate revenue for the creator
Rootkits
pg.301
Software programs that have the ability to hide certain things from the operating system. A rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear
Trojan Horses
pg.304
Programs that enter a system or network under the guise of another program. May be included as an attachment or as part of an installation; could create a backdoor or replace a valid program during installation
Logic Bombs
pg.307
programs or code snippets that execute when a certain predefined event occurs. A bomb may send a note to an attacker when a user is logged on to the Internet and is using a word processor
Backdoors
pg.308
Two different meanings. The original term refers to troubleshooting and developer hooks into systems that often circumvented normal authentication. The second type of backdoor refers to gaining access to a network and inserting a program or utility that creates an entrance for attack
Botnets
pg.309
Software running on infected computers called zombies. Runs automatically and autonomously
Ransomware
pg.309
Takes control of a system and demands that a third party be paid
Virus
pg.310
a piece of software designed to infect a computer system
Polymorphic
pg.310
these viruses change form in order to avoid detection
Stealth
pg.310
These viruses attempt to avoid detection by masking themselves from applications
Retroviruses
pg.310
Viruses attack or bypass the antivirus software installed on a computer
Multipartite
pg.310
Viruses attack your system in multiple ways
Armored
pg.310
A type of virus that is designed to make itself difficult to detect or analyze
Companion
pg.310
Virus attaches itself to legitimate programs and then creates a program with a different file name extension
Phage
pg.310
A virus that modifies and alters other programs and databases
Macro
pg.310
This type of virus exploits the enhancements made to many application programs, which are used by programmers to expand the capability of applications
Armored Virus
pg.310
A virus designed to make itself difficult to detect or analyze. Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining elements of the virus
Antivirus Software
pg.317
The primary method of preventing the propagation of malicious code. An application that is installed on a system to protect it and to scan for viruses as well as worms and Trojan horses
Spam
pg.316
Unwanted, unsolicited email
DoS attacks
pg.319
Denial-of-service attacks prevent access to resources by users authorized to use those resources
DDoS
pg.320
Distributed denial of service is similar to DoS; it amplifies the concepts of DoS by using multiple computer systems to conduct the attack against a single organization
Spoofing attack
pg.321
an attempt by someone or something to masquerade as someone else, considered an access attack.
ARP spoofing
pg.321
The MAC (Media Access Control) address data is faked
DNS spoofing
pg.321
The DNS server is given information about a name server that it thinks is legitimate when it isn't
Pharming Attack
pg.322
Pharming is a form of redirection in which traffic intended for one host is sent to another
Phishing
pg.322
Phishing is a form of social engineering in which you ask someone for a piece of info that you are missing by making it look like a legitimate question
Spear phishing
pg.323
A unique form of phishing in which a message is made to look as if it came from someone you know and trust as opposed to an informal third party
NMAP
pg.324
Known as the XMAS attack, an advanced scan that tries to get around firewall detection and look for open ports. It can run on all operating systems.
Man-in-the-middle attack
pg.324
Clandestinely places something between the server and the user about which neither the server's admin nor the user is aware