Threats, Vulnerabilities, Common Attacks

Question 1

Virus

Answer 1

Virus

• Malicious code that attaches to host app
• Executes when host executed
• Tries to replicate by finding other host apps
• At some point virus activates and delivers payload

Question 2

Worm

Answer 2

Worm

• Self-replicating
• Travels throughout network without assistance of host app or user interaction
• Resides in memory
• Worms consume network bandwidth

Question 3

Trojan

Answer 3

Trojan

• Looks beneficial (pirated software, utility, game)
• Malicious website drive-by download
• Rogueware/scareware - popup on website that malware detected - gets users to download trojan antivirus software

Question 4

RAT

Answer 4

RAT
Remote Access Trojan
-Take control of system from remote location
-Often from drive-by downloads
-log keystrokes
-take screenshots
-explore network using credentials of user's computer
-Install more RATs on other sytems

Question 5

Watering Hole Attack

Answer 5

Watering Hole Attack

-Infect trusted website

Question 6

Polymorphic Malware

Answer 6

Polymorphic Malware

• Adds variations to files when it makes copies
• Heuristic anti-virus can detect - runs questionable code in sandbox, can detect zero-day vulnerabilities

Question 7

DEP

Answer 7

DEP
Data Execution Prevention
-Security feature that prevents code from executing in memory regions marked as non-executable
-Protects system from malware
-Enabled via hardware BIOS and Windows OS