Chapter 9: Malware, Vulnerability, and Threats

Question 1

Spyware

Answer 1

Gathers and sends off your information without your consent

-It almost always exists for the purposes of commercial gain

Question 2

Adware

Answer 2

Malware that shows you ads to generate revenue for the creator

Question 3

Rootkits

Answer 3

Programs that can hide from the operating system

• It can hide anywhere with enough memory in which to reside, even video cards and PCI cards
• The best defense is not to download one!

Question 4

Viewing Processes in Linux

Answer 4

<b>ps -ef | more</b>
-<b>man</b> will generally be able to give you definitions for processes
<b>ps -u root</b> will show you which processes are being used by root

Question 5

Trojan Horses

Answer 5

Enters the system under the guise of a different program

• They can exist on a system for YEARS before they do anything
• A port scan may reveal them
• A trojan is not always a virus, but a virus CAN be a trojan by definition (a companion virus)

Question 6

Common file extensions associated with viruses

Answer 6

.bat
.com
.exe
.hlp
.pif
.scr
They may also be hidden PDF documents, zip documents, and Microsoft Office documents due to Office's extensibility and poor security.

Question 7

Logic Bombs

Answer 7

A program set to attack when a specific event occurs. This can be when a date is reached or when a certain combination of programs is run.

Question 8

Backdoor

Answer 8

A program that creates an entrance for an attacker

-Back Orifice and NetBus were popular backdoor creators which are now blocked by most antivirus software.

Question 9

Botnets

Answer 9

A network of zombie computers used by a bot hoarder to combine processing power to do something malicious, often a DDoS. Windows 10 has established an extremely large botnet run by Microsoft for the purpose of decreasing server load while delivering updates and who knows what else.

Question 10

Ransomware

Answer 10

Your files get encrypted or a password gets changed and you’re asked to pay a ransom (in Bitcoin) to get it back. Cryptolocker is one I used to struggle with fixing on client machines.

Question 11

Polymorphic Virus

Answer 11

Changes form to avoid detection. Usually encrypts parts of its data, decrypts, and encrypts another part, etc.

Question 12

Stealth Virus

Answer 12

Mask themselves from applications to avoid detection. Generally hide next to the boot sector

Question 13

Retrovirus

Answer 13

Attacks or bypasses your antivirus

Question 14

Multipartite Virus

Answer 14

Maliciously attacks in a plethora of ways

Question 15

Armored Virus

Answer 15

Difficult to detect, analyze, or rid yourself of.

Question 16

Companion virus

Answer 16

Attaches itself to legitimate applications and installs itself with a different file extension. Usually hides out in your temp folder. These are included in all files downloaded from sites like CNET, FileHippo, Download.com, and Softpedia.

Question 17

Phage Virus

Answer 17

Modifies other programs or databases

Question 18

Macrovirus

Answer 18

Exploits enhancements made to applications, such as spellcheck in Microsoft Word. This is the fastest growing virus right now.

Question 19

Buffer Overflow Attack

Answer 19

Puts more data in the buffer than it can hold and then overwrites adjacent memory areas.

Question 20

Spoofing Attack

Answer 20

Pretending to be someone you’re not.

• IP spoofing
• ARP spoofing
• DNS spoofing
• MAC spoofing

Question 21

Pharming Attacks

Answer 21

Traffic intended for one host is sent to another

Question 22

Spear phishing

Answer 22

Phishing under the guise of someone the victim knows.

Question 23

Vishing

Answer 23

Phishing over VoIP

Question 24

XMas Attack

Answer 24

A Christmas tree packet is a packet with every single option set for whatever protocol is in use.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the ‘usual’ packets do.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.

Question 25

Smurf Attacks

Answer 25

An attacker spoofs a valid IP, and sends out a broadcast ICMP Request which gets forwarded to all devices and everything replies, DoSsing the network

Question 26

Watering Hole Attack

Answer 26

Watering Hole is a computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

Question 27

Cross-Site Scripting (XSS)

Answer 27

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Question 28

SQL Injection

Answer 28

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS).

Question 29

LDAP Injection

Answer 29

Same thing as an SQL injection, but with Lightweight Directory Access Protocol

Question 30

XML Injection

Answer 30

XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application.

Question 31

Zero-Day Exploit

Answer 31

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. It’s a relatively common issue with Flash, Java, and Quicktime.

Question 32

Arbitrary Code Execution

Answer 32

In computer security, arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process.