1_3_7 Section 1 – Attacks, Threats, and Vulnerabilities - 1.3 – Application Attacks - Driver Manipulation

Questions and Answers

What makes a zero day attack particularly appealing to attackers?

It is an attack that relies on outdated vulnerabilities

It is an attack that is very common and easily detected by antivirus software

It is an attack type that is unknown and has no existing signatures for detection (correct)

It is an attack that targets a system with numerous security measures in place

What role do drivers play in a potential malware attack on a computer system?

They act as a conduit between hardware and software, making them a potential target for attackers (correct)

They are responsible for downloading antivirus signatures for detection

They are designed to detect and eliminate malware from the system

They provide virtual security layers to prevent malware attacks

Why are attackers interested in finding new attack types for infecting computers?

To improve the performance of the computer systems

To increase the speed of the internet connection

To enhance the audio quality of the computer

To bypass existing antivirus software signatures (correct)

What makes the audio drivers on Hewlett-Packard systems vulnerable to malware attacks in May 2016?

The drivers included some software that interacted with them, creating a potential security gap

What characteristic of new attack types makes them challenging for antivirus software to detect?

They lack existing signatures for detection

How do most antivirus and anti-malware software function in preventing known vulnerabilities?

By downloading signatures that match known vulnerabilities to block potential threats

What feature was included in the audio control software discussed?

Debugging feature

What is the purpose of a shim in the context of the text?

To fit between two objects

How can malware authors take advantage of the Windows compatibility mode?

By inserting additional code into malware

What is a key logger used for in the context of the text?

Gathering keystroke information

What is the purpose of using refactoring in malware creation?

To create unique versions of malware

How does a shim relate to putting malware onto a computer?

It provides a pathway for malware insertion

What technique does metamorphic malware use to avoid detection by antivirus software?

Adding loops and pointless code strings

How can an attacker use the key logger feature in audio control software?

To gather keystroke information

What is the role of a shim in the Windows compatibility mode?

To run applications as if in a different operating system

How do shims relate to malware insertion based on the text?

Shims provide a means for inserting malware onto a computer

What is a zero day attack?

A type of attack that is unknown and has no signatures for detection

How do attackers exploit hardware drivers in a system?

By exploiting the trust relationship between the drivers and the operating system

What was the vulnerability associated with audio drivers on Hewlett-Packard systems in May 2016?

The presence of audio controls software that interacted maliciously with the driver

Why are zero day attacks particularly challenging for antivirus software?

Because they exploit new vulnerabilities that have no signatures for detection

How do attackers adapt to overcome antivirus software's ability to stop known vulnerabilities?

By creating new types of attacks that are not recognized by existing signatures

What role do hardware drivers play in a malware attack on a computer system?

They serve as an intermediary between hardware and software, making them vulnerable conduits

What does a key logger included in the audio control software allow an attacker to do?

Record and gather information on keystrokes typed on the computer

How does refactoring help malware authors evade detection by antivirus software?

Reorders functions within the malware

What is the purpose of using a shim in the context of Windows compatibility mode?

Run applications as if they are in a different operating system

How can an attacker exploit the compatibility mode feature in Windows to elevate user privileges?

By adding no op instructions to malware

What is the main purpose of a shim in the context of the text?

Fit into a gap between different objects

Why do malware authors use metamorphic malware when creating malicious programs?

To create unique versions of malware that evade detection

In what way can malware authors utilize the shimmed area to infiltrate a computer system?

By introducing malware through shim cache information transfer

How does a key logger in audio control software demonstrate vulnerabilities in driver security?

Key loggers can gather sensitive information without detection

Why is refactoring commonly used by malware authors in creating new malicious programs?

'Refactoring' helps create unique versions of malware to bypass antivirus detection

How does using a shimmed area allow malware authors to circumvent security features in Windows systems?

By inserting malware through areas like compatibility mode cache