BOOK: Ch 6, 7, 10

Question 1

Malware propagation mechanisms include those used by…(3)

Answer 1

viruses, worms and Trojans

Question 2

______ include system corruption, bots, phishing, spyware, and rootkits.

Answer 2

Payloads

Question 3

Virus Dormant Phase

Answer 3

The Virus is Idle.

Question 4

Virus Propagation Phase

Answer 4

The virus places a copy of itself into other programs orinto certain system areas on the disk.

Question 5

Virus Triggering Phase

Answer 5

The virus is activated to perform the function for which it was intended.

Question 6

Virus Execution Phase

Answer 6

The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction ofprograms and data files.

Question 7

Infects files with macro or scripting code that is interpreted by an application.

Answer 7

Macro Virus

Question 8

Infects files that the operating system or shell consider to be executable.

Answer 8

File Infector Virus

Question 9

An attack, that exploits social engineering to leverage user’s trust by masquerading as communications from a trusted source

Answer 9

Phishing Attack

Question 10

The recipients are carefully researched by the attacker, and each e-mail is carefully crafted to suit its recipient specifically, often quoting a range of information to convince them of its authenticity.

Answer 10

Spear-Phishing Attack

Question 11

Is a set of programs installed on a system to maintain covert access to thatsystem with administrator (or root) privileges, while hiding evidence of its presenceto the greatest extent possible.

Answer 11

Rootkit

Question 12

An attempt to compromise availabilityby hindering or blocking completely the provision of some service.

Answer 12

Denial-of-service (DoS) attack

Question 13

DDoS Flooding attack targets…(3)

Answer 13

Network BW, System resources, Application resources

Question 14

The ICMP echo responsepackets generated in response to a ping flood using randomly spoofed source addresses is a good example.

Answer 14

Backscatter Traffic

Question 15

This attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

Answer 15

DoS attach, SYN Spoofing Attack

Question 16

The attacker sends packets to a known service on the intermediary with a spoofed source addressof the actual target system. When the intermediary responds, the response is sent tothe target.

Answer 16

Reflection attack

Question 17

Involve sending apacket with a spoofed source address for the target system to intermediaries. Theydiffer in generating multiple response packets for each original packet sent. This canbe achieved by directing the original request to the broadcast address for some network.

Answer 17

Amplification Attacks

Question 18

A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwritingother information. Attackers exploit such a condition to crash a system or to insert speciallycrafted code that allows them to gain control of the system.

Answer 18

Buffer Overflow

Question 19

Instead of the sequence of letters used as padding in the example above, binary values corresponding to the desired machine instructions were used.

Answer 19

Shellcode

Question 20

Aim to prevent or detect buffer overflows by instrumenting programs when they are compiled.

Answer 20

Compile-Time Defenses

Question 21

Can be deployed as operating systems updates to provide some protection for existing vulnerableprograms. These defenses involve changes to the memory management of the virtualaddress space of processes.

Answer 21

Run-Time Defenses

Question 22

Most commonlythe address of a standard library function is chosen, such as the system() function. The attacker specifies an overflow that fills the buffer, replaces the savedframe pointer with a suitable address, replaces the return address with the address of the desired library function, writes a placeholder value that the library function will believe is a return address, and then writes the values of one (or more) parameters to this library function.

Answer 22

Return-to-system-call Attack

Question 23

If the allocated space includes a pointer to afunction, which the code then subsequently calls, an attacker can arrange for this address to be modified to point to shellcode in the overwritten buffer.

Answer 23

Heap Buffer Overflow