Flashcards in Chapter 9: Malware, Vulnerability, and Threats Deck (32)
Gathers and sends off your information without your consent
-It almost always exists for the purposes of commercial gain
Malware that shows you ads to generate revenue for the creator
Programs that can hide from the operating system
-It can hide anywhere with enough memory in which to reside, even video cards and PCI cards
-The best defense is not to download one!
Viewing Processes in Linux
ps -ef | more
-The man pages will generally give you definitions for processes
ps -u root will show you which processes are being used by root
Enters the system under the guise of a different program
-They can exist on a system for YEARS before they do anything
-A port scan may reveal them
-A trojan is not always a virus, but a virus CAN be a trojan by definition (a companion virus)
Common file extensions associated with viruses
They may also be hidden in PDF documents, zip archives, and Microsoft Office documents due to Office's extensibility and poor security.
A program set to attack when a specific event occurs. This can be when a date is reached or when a certain combination of programs is run.
A program that creates an entrance for an attacker
-Back Orifice and NetBus were popular backdoor creators which are now blocked by most antivirus software.
A network of zombie computers used by a bot herder to combine processing power to do something malicious, often a DDoS. Windows 10 has established an extremely large botnet run by Microsoft for the purpose of decreasing server load while delivering updates and who knows what else.
Your files get encrypted or a password gets changed and you're asked to pay a ransom (in Bitcoin) to get it back. Cryptolocker is one I used to struggle with fixing on client machines.
Changes form to avoid detection. Usually encrypts part of its code, decrypts it, then encrypts a different part, and so on.
Mask themselves from applications to avoid detection. Generally hide next to the boot sector.
Attacks or bypasses your antivirus
Maliciously attacks in a plethora of ways
Difficult to detect, analyze, or rid yourself of.
Attaches itself to legitimate applications and installs itself with a different file extension. Usually hides out in your temp folder. These are included in all files downloaded from sites like CNET, FileHippo, Download.com, and Softpedia.
Modifies other programs or databases
Exploits enhancements made to applications, such as spellcheck in Microsoft Word. This is the fastest growing virus right now.
Buffer Overflow Attack
Puts more data in the buffer than it can hold and then overwrites adjacent memory areas.
Pretending to be someone you're not.
Traffic intended for one host is sent to another
Phishing under the guise of someone the victim knows.
Phishing over VoIP
A Christmas tree packet is a packet with every single option set for whatever protocol is in use.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the 'usual' packets do.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.
An attacker spoofs a valid IP address and sends out a broadcast ICMP Echo Request, which gets forwarded to all devices; every device replies, DoSing the network.
Watering Hole Attack
Watering Hole is a computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).
Same thing as an SQL injection, but with Lightweight Directory Access Protocol