Chapter 3 - Open Responses + True/False
In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn't check whether input fits within a defined amount of memory space.
True
Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.
True
Whitelisting allows only approved programs to run on a computer.
True
What is the difference between spyware and adware?
Unlike spyware, adware does not perform malicious acts.
Explain how a buffer overflow works.
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory (a buffer) than the buffer is allocated to hold. By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine.
What is a DDoS attack?
A denial of service is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as CPU, memory, bandwidth, and disk space.
Explain how a basic computer virus operates and how it uses other host programs.
A virus operates by inserting or attaching itself to a legitimate program, or to a document that supports macros, in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data. Computer viruses cannot reproduce and spread without a host program, such as a file or document.
A DDoS attack is launched against a host from a single server or workstation.
False
Malware programs cannot be detected by antivirus programs.
False
Describe the basic function and creation process of a macro virus.
Macro viruses work by embedding malicious code in the macros that are associated with documents, spreadsheets and other data files, causing the malicious programs to run as soon as the documents are opened. ... Once an infected macro is executed, it will typically infect every other document on a user's computer.
Explain the advantages of application whitelisting.
The most obvious use for application whitelisting is to block malware from entering and executing on endpoints within a network, but a secondary benefit of application whitelisting is the ability to manage, reduce, or control the demand on resources within a network. When employees can run only whitelisted applications, system crashes and slowdowns caused by increased demand on network resources are less likely.
Explain how the two different types of keyloggers are used.
There are two types of keyloggers, based on the method used to log keystrokes: software keyloggers and hardware keyloggers. Hardware-based keyloggers are rare, as they require physical access to the victim's device in order to manipulate the keyboard. Software-based keyloggers, however, are much more common and may affect any device that is not properly protected. Usually, keyloggers are installed on target computers by other malware specimens, such as Trojans or viruses. For example, an attacker may trick the victim into clicking a malicious link, which then downloads the keylogger onto the system.