Threat and attack terminology Flashcards
Malicious software that gathers information, intercepts personal data and makes it available to third parties. Its primary purpose is to display ads and generate revenue for the creator.
adware
Protocol used to map known IP addresses to unknown physical addresses
ARP
An attack that convinces the network that the attacker’s MAC address is the one associated with an allowed address so that traffic is wrongly sent to attacker’s address
ARP Poisoning
Software that identifies the presence of a virus
Antivirus
A virus that is protected in a way that makes disassembling it difficult.
Armored virus
Involves the MAC (Media Access Control) address of the data being faked.
ARP spoofing (commonly known as ARP poisoning)
Any unauthorized intrusion into the normal operations of a computer or computer network.
attack
The area of an application that is available to users—those who are authenticated and, more importantly, those who are not.
attack surface
An opening left in a program application (usually by the developer) that allows additional access to data.
backdoor
An automated software program (network robot) that collects information on the web. In its malicious form, it is a compromised computer being controlled remotely.
bot
A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it
buffer overflow
Using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page.
clickjacking
A virus that creates a new program that runs in the place of an expected program of the same name.
companion virus
A form of web-based attack in which unauthorized commands are sent from a user that a website trusts.
cross-site request forgery (XSRF)
Running a script routine on a user’s machine from a website without their permission.
cross-site scripting (XSS)
A type of attack that prevents any users—even legitimate ones—from using a system.
DoS
The act of attempting to crack passwords by testing them against a list of dictionary words.
dictionary attack
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public.
DDoS (Distributed denial of service)
An attack method in which a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack.
DNS poisoning
The DNS server is given information about a name server that it thinks is legitimate when it isn’t.
DNS Spoofing
The network service used in TCP/IP networks that translates hostnames to IP addresses.
Domain Name System (DNS)
Putting too much information into too small of a space that has been set aside for numbers.
Integer Overflow
Making the data look as if it came from a trusted host when it didn’t
IP Spoofing
A permission method in which users are granted only the privileges necessary to perform their job function.
least privilege
The policy of giving a user only the minimum permissions needed to do the work that must be done.
least privilege policy
Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a program that always makes sure her name appears on the payroll roster; if it doesn’t, then key files begin to be erased.
Logic bomb
A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office.
Macro Virus
A threat from someone inside the organization intent on doing harm.
insider threat
An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party.
Man-in-the-middle
A virus that attacks a system in more than one way.
multipartite virus
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host’s buffer. Usually causes the remote host to reboot or hang.
Ping of Death
An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react to) the viruses.
polymorphic
The result when a user obtains access to a resource that they wouldn’t normally be able to access. It can also be done purposefully by an attacker seeking full access.
Privilege escalation
Software that demands payment before restoring the data or system infected.
ransomware
An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection.
replay attack
A virus that attacks or bypasses the antivirus software installed on a computer.
retrovirus
A form of malware that tries to convince the user to pay for a fake threat.
rogueware
Software program that has the ability to obtain root-level access and hide certain things from the operating system.
rootkit
A small library that is created to intercept API calls transparently.
shim
An attempt by someone or something to masquerade as someone/something else.
spoofing
Software programs that work—often actively—on behalf of a third party.
spyware
A virus that attempts to avoid detection by masking itself from applications.
stealth virus
Any application that masquerades as one thing in order to get past scrutiny and then does something malicious.
Trojan horse
Creating domains that are based on the misspelling of another.
typo squatting
Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
URL hijacking
A program intended to damage a computer system.
Virus
Identifying a site that is visited by those whom they are targeting, poisoning that site, and then waiting for the results.
watering hole attack
An advanced attack that tries to get around detection and send a packet with every single option enabled.
Xmas attack
An attack that begins the very day an exploit is discovered.
Zero day exploit
Any system taking directions from a master control computer.
Zombie
Allows a remote user to access the system for the purpose of administering it. Although this can be extremely valuable for legitimate administration, improperly accessed it offers the opportunity to exploit powerful features of the operating system.
RAT - Remote Access Tool