Theory Test 2

Question 1

Malware Types

Answer 1

Virus, worms, trojans, RATs, spyware, scareware

Question 2

Goals of hacking besides financial gain

Answer 2

Destroy/corrupt data, steal data, DoS, bandwidth issues, shutdown a network/system

Question 3

Viruses

Answer 3

Attach to files, replicate through exe (needs a host)

Question 4

Macro Viruses

Answer 4

Viruses written in programming language which is embedded in a software app (eg MS Word)

Question 5

Worms

Answer 5

Standalone computer program that replicates in order to spread through a computer network (doesn’t need host)

Question 6

Morris Worm

Answer 6

1988, considered the first internet worm. Designed for UNIX and did not contain malicious payload. Directed to copy to a computer even if it already contains the worm

Question 7

Slammer Worm

Answer 7

Exploited buffer overflow in SQL server, doubles number of infected hosts every 8 sec

Question 8

Conficker Worm

Answer 8

Uses HTTP on a non standard port to call to 50 000 possible domains to download more malware from servers. Identifies and disables virus and malware scanners and Windows services

Question 9

Trojans

Answer 9

More than 80% of malware, includes backdoors, ransomware, rootkits, spyware, infostealers and malware downloaders. Disguised as useful programs (must be run by user) and allow remote access/control. Uses ports that can be targeted

Question 10

Backdoor Programs

Answer 10

Remote access program installed on user computer allowing attacker to control behaviour of the computer (aka Remote Access Trojans, RATs)

Question 11

Sub7

Answer 11

Backdoor program/RAT, mainly used for mischief but can be used to steal confidential info

Question 12

Back Orifice

Answer 12

Remote control Microsoft Windows system widely used by script kiddies due to easy installation and GUI features

Question 13

Net Bus

Answer 13

Server must be installed and run on the computer that should be remote controlled. When started it installs on host and modifies Windows registry to start automatically on startup. Is a process listening on ports 12345 or 12346

Question 14

Footprinting

Answer 14

The first and most convenient technique hackers use to gather information about computer systems and the entities they belong to. It is a passive reconnaissance

Question 15

ZAP

Answer 15

Zed Attack Proxy, one of the world’s most popular free security tools

Question 16

Social Engineering

Answer 16

Using knowledge of human nature to get info from people through persuasion, intimidation, coercion, and extortion. Use: urgency, status quo, kindness, position of authority

Question 17

Spyware

Answer 17

Type of malware that sends info from infected computer to the attacker. Can track activity, register keystrokes, and steal info

Question 18

Whois (windows program/site)

Answer 18

Footprinting tool that gathers ip and domain info

Question 19

Whois (Linux command)

Answer 19

Query databases that store registered users, same as whois sites

Question 20

Host (Linux command)

Answer 20

DNS lookups, convert names to ip address and vice versa

Question 21

Dig (Unix/Linux command)

Answer 21

Query DNS servers for info, troubleshoot and DNS lookups. Has replaced “host” command

Question 22

Shoulder Surfing

Answer 22

Reading user entry. Tools: Strategic positioning, key positions and typing techniques, hidden cameras

Question 23

Drive Disposal Canadian Standard

Answer 23

Overwrite 3 times