Chapter 9: Malware, Vulnerabilities and Threats Flashcards
Spyware
- Monitors user activity and reports it to another party
- Does not replicate
Rootkits
Software programs that have the ability to hide certain things from the OS
Command to display running processes in Linux
ps -ef | more
Common file extensions that should not be allowed in your network
.bat .com .exe .hlp .pif .scr
Logic Bombs
Programs or code snippets that execute when a certain predefined event occurs.
Botnet
Malicious software running on a zombie and under the control of a bot-herder
Ransomware
Software that takes control of a system and demands that a third party be paid.
3 Ways a Virus can enter your computer
1) Contaminated media (DVD, USB, CD)
2) Email or social networking sites
3) As part of another program
Retrovirus
Attacks or bypasses the antivirus software installed on a computer
Multipartite virus
Attacks your system in multiple ways
Armored Virus
Difficult to detect or analyze
Companion Virus
Attaches itself to legitimate programs and then creates a program with a different filename extension.
Phage
Modifies and alters other programs and databases.
Macro
Exploits the enhancements made to many application programs
SPIM and SPIT
Spam over instant messaging, and spam over Internet telephony.
Ping of Death
Crashes the system by sending ICMP packets that are larger than the system can handle.
Pharming
Traffic intended for one host is redirected to another, usually with the intent of phishing the user
Spear Phishing
Form of phishing in which the message is made to look as if it came from someone you know and trust
Vishing
Phishing over the phone
Xmas Attack
An advanced scan that tries to get around firewall detection and look for open ports
Replay Attack
The attacker captures information and replays it
Smurf Attack
Spoofing the target machine’s IP address and broadcasting to that machine’s routers so that the routers think the target is sending out the broadcast. All machines try to respond and the target machine overloads
How to stop a smurf attack?
Prohibit ICMP packets from passing through your router.
Dictionary Attack
Uses a dictionary of common words to attempt to find a user’s password
Birthday Attack
Tries to find a second input that, when hashed, gives the same result.
Client-Side Attack
One that targets vulnerabilities in client applications that interact with a malicious server.
Typo Squatting and URL Hijacking
Registering domains that are similar to those for a known entity
Watering Hole Attack
Identify a site visited by the target, poison that site, and wait for results.
Cross-Site Scripting (XSS)
Using a client-side scripting language to trick a user who visits a site into having code execute locally
Cross-Site Request Forgery (XSRF)
Unauthorized commands coming from a trusted user to the website, often without the user’s knowledge
SQL Injection Attack
Entering SQL code into a field and submitting it so that it executes
LDAP Injection Attack
Could allow access to directory contents and other data when it shouldn’t
XML Injection Attack
Can return entire documents
Directory Traversal Attack
An attacker is able to gain access to restricted directories through HTTP
Command Injection Attack
Injecting commands to carry out a directory traversal attack
Evercookie
A cookie that writes data to multiple locations, making it hard to remove completely
Locally Stored Object/Flash Cookie
Data stored on a user’s computer by Adobe Flash
Session Hijacking
When the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with the host
Header Manipulation
Uses other methods to change values in HTTP headers and falsify access.
InPrivate Filtering helps prevent
Arbitrary Code Execution
Allowing a program to remotely accept commands and execute them
Banner Grabbing
Looks at the banner or header information messages sent with data to find out about systems
Architectural Approach
Involves using a control framework to focus on the foundational infrastructure
Design Review
Examines the ports and protocols used, the rules, segmentation and access control.