Malware, Hacker Exploits, and Encryption

Question 1

What is Malware (Malicious Code)?

Answer 1

software or code deliberately written and released for the purpose of causing unwanted actions

Question 2

What can malware do?

Answer 2

Can be destructive, create back doors on a network, locate and steal sensitive info, etc.

Question 3

What are the two most common ways to get Malware?

Answer 3

Email Attachments

Web Links in emails, instant message, facebook, etc.

Question 4

What does a Virus do?

Answer 4

Replicates by attaching to a program of file, spread by humans
Spreads from Computer to Computer through user action (downloading, copying, running file)
Passed through emails, disks, peer to peer, visiting infected websites

Question 5

What does a Worm do?

Answer 5

Replicates and contains a payload like a virus

Can spread over a network without any user action

Question 6

Difference between a worm and virus?

Answer 6

Difference is a worm is self reliant and does not need to attach itself to a program

Question 7

What is a Trojan Horse?

Answer 7

Malicious software that is disguised as legitimate (tricks users into opening or running it)

Question 8

What is social engineering?

Answer 8

non-technical, human deception to further goals or aims to get access to a system that they aren’t authorized to access.

Question 9

What is a “Key Logger”?

Answer 9

devices that capture every key typed by the victim including space, back space, return, etc.

Question 10

Are Key Stroke Loggers hardware or software?

Answer 10

They can be both, but usually they are software

Question 11

Where are key stroke loggers most common?

Answer 11

public computers

Question 12

What are “Script Kiddies”?

Answer 12

Derogatory slang word that refers to beginner hackers who go to websites and copy the code instead of creating it themselves

Question 13

What are Zero Day Exploits?

Answer 13

Initial periods of time from where the hacker tool or exploit is released, until the security team comes up with a counter measure

Question 14

What is “Google Hacking”?

Answer 14

Using google or any other search engine to further your hacking activity

Question 15

What is Port Scanning?

Answer 15

Scanning your targets ports to see which ones are open

Question 16

What is Port Sweeping?

Answer 16

Interested in one port, usually for a specific target and see if that port is open and if target is using that port

Question 17

Info Gathering:

What is Operation System and Resource Discovery?

Answer 17

Find out what hardware and software your target is using so the hacker can find exploits in these items

Question 18

Info Gathering:

What is “Escalation of Privilege” in the steps of Attack Methodology?

Answer 18

Looking for higher levels of power accounts that allow you access to more things or access more information

ultimately an attacker will want “Administrator” or “Root” access

Question 19

Info Gathering:

What is “Housekeeping” in the steps of Attack Methodology?

Answer 19

Attempting to erase signs that they were ever in the system (Using root kits, log deletion or alteration)

Question 20

Password Cracking:

What is a Dictionary Attack?

Answer 20

tries every word in a predetermined dictionary

Question 21

Password Cracking:

What is Brute Force Attack?

Answer 21

tries every combination of letter, #’s, and characters on the keyboard (a, aa, aaa, ab, aab, etc)

Question 22

Password Cracking:

What is a Popular Password Attack?

Answer 22

choosing a Geographical area and picking a word that you think a lot of people would use as a password and run it (ex. DC area using “Redskins” as a password)

Question 23

What are “Exploits”?

Answer 23

Tools or techniques that take advantage of flaws (vulnerabilities) in software or hardware, or poor network design/security

Question 24

What are “Input Validation Attacks”?

Answer 24

Class of hacking tool/technique where a user enters data into software/environment/website to see what might happen

occurs when software or system is not properly checking input from the outside world

Most common is SQL

Question 25

What is a “Structured Query Language (SQL) Injection Attack”?

Answer 25

normally run against servers or ecommerce sites

Injecting or using the hackers own SQL language on the website to see if it will access information in that websites database

Hackers put this language into any of the open field (username, password, search, etc)

Question 26

What can SQL Injection Attacks do to a system?

Answer 26

Allow an attacker to completely compromise the database system

Create, read, update, and/or delete any arbitrary data available to the application

Obtain customer records/info; e-shoplift, change account setting and balances

Question 27

What is SQL language?

Answer 27

a language that speaks to and interacts with databases

Question 28

definition of input validation attack:

Answer 28

hacker tries to run commands of their own against a software or system to see what happens

Question 29

What are Denial of Service Attacks?

Answer 29

an attack that denies the service of the computer system or network to its users

Not usually for financial gain

(ex. Overloading Amazon.com)

Question 30

What are Zombie Networks or Botnets?

Answer 30

An army of computers that are hacked or infected with Denial of Service related malware that are under the control of the attacker

Infected computers are commanded to flood the victim network either using an IP address or domain name

Question 31

What is a “Syn Flood”?

Answer 31

Computes flood the website with data packet info requests but never do the final step of the acknowledgement that websites would send before sending the packets

Question 32

What is Phishing? Spear Phishing?

Answer 32

Use of spoofed emails and fraudulent websites designed to fool recipients into divulging personal financial information/data (ie. a link that brings the user to a fake website

spear phishing - selectively targeting people you think/know are associated with that financial institution (Phishing with Social Engineering)

Question 33

What is Pharming?

Answer 33

the act of forcing the victim to visit an attackers website when the victim is trying to access a legitimate site

attacker infects victim with malware that tells the DNS to go to the fake site not the legit site

Question 34

What is a DNS Re-Direction Attack?

Answer 34

Redirecting the DNS server that the computer looks to when going to a website, making them go to the DNS server that you set up

This involves the use of an “Evil DNS Server”

Question 35

What investigative issues can you run into with these attacks?

Answer 35

Hacked website is in a foreign country
Hacked site is not logging IP addresses
IP leads to Proxy Server or Anonymizer
Subject is using a hacked or free WiFi connection