Chapter 9: Malware, Vulnerability, and Threats Flashcards Preview

CompTIA Security+ > Chapter 9: Malware, Vulnerability, and Threats > Flashcards

Flashcards in Chapter 9: Malware, Vulnerability, and Threats Deck (32)
Loading flashcards...
1
Q

Spyware

A

Gathers and sends off your information without your consent

-It almost always exists for the purposes of commercial gain

2
Q

Adware

A

Malware that shows you ads to generate revenue for the creator

3
Q

Rootkits

A

Programs that can hide from the operating system

  • It can hide anywhere with enough memory in which to reside, even video cards and PCI cards
  • The best defense is not to download one!
4
Q

Viewing Processes in Linux

A

<b>ps -ef | more</b>
-<b>man</b> will generally be able to give you definitions for processes
<b>ps -u root</b> will show you which processes are being used by root

5
Q

Trojan Horses

A

Enters the system under the guise of a different program

  • They can exist on a system for YEARS before they do anything
  • A port scan may reveal them
  • A trojan is not always a virus, but a virus CAN be a trojan by definition (a companion virus)
6
Q

Common file extensions associated with viruses

A
.bat
.com
.exe
.hlp
.pif
.scr
They may also be hidden PDF documents, zip documents, and Microsoft Office documents due to Office's extensibility and poor security.
7
Q

Logic Bombs

A

A program set to attack when a specific event occurs. This can be when a date is reached or when a certain combination of programs is run.

8
Q

Backdoor

A

A program that creates an entrance for an attacker

-Back Orifice and NetBus were popular backdoor creators which are now blocked by most antivirus software.

9
Q

Botnets

A

A network of zombie computers used by a bot hoarder to combine processing power to do something malicious, often a DDoS. Windows 10 has established an extremely large botnet run by Microsoft for the purpose of decreasing server load while delivering updates and who knows what else.

10
Q

Ransomware

A

Your files get encrypted or a password gets changed and you’re asked to pay a ransom (in Bitcoin) to get it back. Cryptolocker is one I used to struggle with fixing on client machines.

11
Q

Polymorphic Virus

A

Changes form to avoid detection. Usually encrypts parts of its data, decrypts, and encrypts another part, etc.

12
Q

Stealth Virus

A

Mask themselves from applications to avoid detection. Generally hide next to the boot sector

13
Q

Retrovirus

A

Attacks or bypasses your antivirus

14
Q

Multipartite Virus

A

Maliciously attacks in a plethora of ways

15
Q

Armored Virus

A

Difficult to detect, analyze, or rid yourself of.

16
Q

Companion virus

A

Attaches itself to legitimate applications and installs itself with a different file extension. Usually hides out in your temp folder. These are included in all files downloaded from sites like CNET, FileHippo, Download.com, and Softpedia.

17
Q

Phage Virus

A

Modifies other programs or databases

18
Q

Macrovirus

A

Exploits enhancements made to applications, such as spellcheck in Microsoft Word. This is the fastest growing virus right now.

19
Q

Buffer Overflow Attack

A

Puts more data in the buffer than it can hold and then overwrites adjacent memory areas.

20
Q

Spoofing Attack

A

Pretending to be someone you’re not.

  • IP spoofing
  • ARP spoofing
  • DNS spoofing
  • MAC spoofing
21
Q

Pharming Attacks

A

Traffic intended for one host is sent to another

22
Q

Spear phishing

A

Phishing under the guise of someone the victim knows.

23
Q

Vishing

A

Phishing over VoIP

24
Q

XMas Attack

A

A Christmas tree packet is a packet with every single option set for whatever protocol is in use.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the ‘usual’ packets do.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.

25
Q

Smurf Attacks

A

An attacker spoofs a valid IP, and sends out a broadcast ICMP Request which gets forwarded to all devices and everything replies, DoSsing the network

26
Q

Watering Hole Attack

A

Watering Hole is a computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

27
Q

Cross-Site Scripting (XSS)

A

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

28
Q

SQL Injection

A

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS).

29
Q

LDAP Injection

A

Same thing as an SQL injection, but with Lightweight Directory Access Protocol

30
Q

XML Injection

A

XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application.

31
Q

Zero-Day Exploit

A

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. It’s a relatively common issue with Flash, Java, and Quicktime.

32
Q

Arbitrary Code Execution

A

In computer security, arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process.