Types of Attacks/Malware Flashcards
_____ is software installed alongside a package or from a computer store that the user did not request.
Potentially unwanted programs (PUP) or potentially unwanted applications (PUA)
_____ are malware concealed within an installer package for software that appears to be legitimate
Trojans
_____ is a fake antivirus, where a web pop-up claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan.
rogueware
_____ are memory-resident viruses that replicate over network resources
Worms
The primary effect of a worm infestation is to rapidly consume network bandwidth as the worm replicates. A worm may also be able to perform a Denial of Service attack by crashing operating systems and servers.
In a _____, sequences of code insert themselves into another executable program. When the application is executed, the virus code becomes active.
program virus
A _____ uses both boot sector and executable file infection methods of propagation.
multipartite virus
A _____ uses the programming features available in Microsoft Office files.
macro virus
A _____ is a type of brute force attack aimed at exploiting collisions in hash functions. A collision is where a function produces the same hash value for two different plaintexts.
Birthday attack
A _____ is a password attack that allows an attacker to use a set of plaintext passwords and their hashes to crack passwords.
Rainbow table attack
A _____ is a malicious program or script set to run under particular circumstances or in response to a defined event
Logic Bomb
A _____ is a scripted trap that runs in the event an account gets deleted or disabled
Mine
Anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script during an investigation. The security specialist would uncover the mine once it gets executed and causes damage.
A _____ functions as a backdoor and allows the attacker to access the PC, upload files, and install software on it.
Remote Access Trojan (RAT)
Fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)
1. Uses “Live off the land” techniques
2. Runs lightweight shellcode
3. Uses low observable characteristic attacks
4. Writes code to disk
1, 2, and 3
Fileless malware uses “live off the land” techniques rather than compiled executables to evade detection. This means that the malware code uses legitimate scripting tools like Windows PowerShell.
Fileless malware uses lightweight shellcode to achieve a backdoor mechanism on the host. The shellcode is easy to recompile in an obfuscated form to evade detection by scanners.
Fileless malware can be classified as using low observable characteristics (LOC) attacks, which can make it less intrusive than other malware.
Fileless malicious software (malware) does not write code to disk. The malware uses memory-resident techniques to run in its own process.
_____ is a horizontal brute-force online attack. This means that the attacker chooses one or more common passwords and tries to use them in conjunction with multiple usernames.
Password Spraying
An _____ attack is where the hacker interacts directly with the authentication service and submits multiple passwords (and variations) to gain access with a single account (e.g., root).
Online Password