| question | |
|---|
| You cannot write a buffer overflow in Java because you can't overflow an ... | |
| an attack that bogs down a server with a generated workload, generally a network packet load from a flooder | |
| Buffer is the last data item on the stack frame; the ******** from this function will be at a defined distance after it | |
| A computer *** is code that recursively replicates a copy of itself (purists say they don't spread over networks.) | |
| Some reasons why **** transport provides opportunities for malicious code transport: browsers have hidden background tasks, data packets sent through this can be 'snooped,' prevale | |
| two examples of standalone attack code (written in HLL or script) | |
| What are the four ways used to classify a malicious attack? (HHWW) | |
| malicious code that awakens itself on a certain date and/or time | |
| this form of internet access means many machines are always on and always connected | |
| These make a system open to an attack: System admin and configuration flaws, dangerous user behavior... Thus they are... | |
| virus generator program | |
| These allow viruses to probe the internet for the next victim machine | |
| The following are examples of what? :: Unguarded buffer overflow in OS which allows attacker to run arbit. command, gain root access; failure to validate user input, allowing Activ | |
| What does CWE stand for? | |
| program that generates a large amount of network traffic to a certain server | |
| This is the most common code vulnerability yet simple to guard against; cause by array bounds not being checked at run time (like after scanf or printf) | |
| These exploit OS weakness to run commands as root or admin | |
| This was a mass mailer virus that came in an attachment called LOVE-LETTER-FOR-YOU.TXT (.vbs) | |
| What does CVE stand for? | |
| a worm that emails itself to another user | |
| this is a medium through which viruses can be transported, hidden as attachments containing executable files | |
| | question | |
|---|
| Why might Chrome, a browser architecture, not have as many malicious attacks written for it? | |
| These are examples of how *** is executed: return address can be changed to mali. code, function pointer can point to mali. code, output file name for a program can be overwritten | |
| Name this attack: Attacker enters a char string that is VERY long containing malicious code object. At the end of the code, the attack passes the address of the variable 'buffer: s | |
| hardware and/or software used to enforce a network access policy by filtering out some packets before they get routed by the network router | |
| malicious code that becomes active when certain conditions are met; hard at times to figure out the trigger | |
| hidden access method in software, known only to the attacker; downloaded after attacker has already compromised the machine | |
| a worm that emails itself to multiple recipients | |
| a malicious program that captures keystrokes on an infected system, usually to steal passwords, etc | |
| List three examples of worms (alpha.) | |
| | |
| the malicious code that performs operations other than replication, e.g. deleting files, modifying files, stealing passwords | |
| One example of a user behavior vulnerability | |
| What is the most (probably) common language in which to create an attack | |
| downloaded virus generator kits (basically a compiler...) | |
| e.g. 1998 Taiwanese virus, CIH, overwrote the flash BIOS of more than 10,000 PCs | |
| Assembly code makes it easier to **** a virus, or make it hard to identify the virus with a scanner | |
| these slowly change data on disk eluding detection until damaged data has probably infected backup tapes | |
| Why would a somewhat destructive payload sometimes be more damaging than a highly destructive payload? | |
| these are attacjs that flood a website | |
| To disguise the executable within a virus transported over email, say with a .vbs extension, windows OS helps by... | |
| This 1988 worm used a list of only 432 common passwords and succeeded in cracking many user accounts all over the internet | |
| | question | |
|---|
| What are these: loss of data, loss of computer resources, lost time, loss of privacy, loss of confidentiality, monetary loss | |
| an attack that takes advantage of a specific vulnerability | |
| a background program that collects data on a computer's user browsing and computing habits, often installed without explicit permission | |
| Code that seems to be benign and useful (e.g. a screen saver) that performs replication and/or malicious operations in the background | |
| This group, abbreviated VCL, were the first to produce viruses that became widespread (1992)- written in assembly | |
| any form of malicious software | |
| Name this payload classification: viruses that try to disable a particular antivirus program but attack nothing else; HPS was a windows 95 virus that activated if you booted up on | |
| Name this payload classification: virus just replicates; creator might be testing a concept- can i infect this?; creator is playing with antivirus researchers, more viruses in this | |
| These create standalone programs but they can embed viruses in applications when they are first executed. The first one was made in Germany, 1990. These often die out like biologic | |
| virus, worm, mailer, and mass mailer do not refer to the actual payload, rather the... | |
| this is just a virus that spreads over network; self-propagating | |
| Name the 5 classifications of a payload in ascending order of severity | |
| Name this payload classification: loss od data, loss of privacy, DOS; data diddlers; hardware destroyers | |
| This term defines the malicious code that is delivered into the system by the virus. By this criteria, rather than categorizing by privacy, time loss, data loss, etc., the severity | |
| A tip off that you've been infected by a virus | |
| These attacks are useful because they can call basic OS system functions, thus making OS designers carefully decide what functions can be called by user-level scripts. These attack | |
| This term often refers only to vulnerable code in an OS or applications. It means a system has a weakness that attacks may be concerned with how to exploit | |
| early viruses were shared among users through... | |
| these provide an analogous way to transport viruses in the same way floppy disks used to | |
| Name this payload classification: 'Stoned' virus example; tried to save the disk boot sector, infect and replicate, then restore boot sector, accidentally copied the boot sector on | |
| Name this payload classification: payload displays a message on the screen for a few seconds; no other action is taken; about half of all viruses are either of this form or of no p | |
|
