1_3_7 Section 1 – Attacks, Threats, and Vulnerabilities - 1.3 – Application Attacks - Driver Manipulation

Questions and Answers

What makes a zero day attack particularly appealing to attackers?

• It is an attack that relies on outdated vulnerabilities
• It is an attack that is very common and easily detected by antivirus software
• It is an attack type that is unknown and has no existing signatures for detection (correct)
• It is an attack that targets a system with numerous security measures in place

What role do drivers play in a potential malware attack on a computer system?

• They act as a conduit between hardware and software, making them a potential target for attackers (correct)
• They are responsible for downloading antivirus signatures for detection
• They are designed to detect and eliminate malware from the system
• They provide virtual security layers to prevent malware attacks

Why are attackers interested in finding new attack types for infecting computers?

• To improve the performance of the computer systems
• To increase the speed of the internet connection
• To enhance the audio quality of the computer
• To bypass existing antivirus software signatures (correct)

What makes the audio drivers on Hewlett-Packard systems vulnerable to malware attacks in May 2016?

The drivers included some software that interacted with them, creating a potential security gap (A)

What characteristic of new attack types makes them challenging for antivirus software to detect?

They lack existing signatures for detection (B)

How do most antivirus and anti-malware software function in preventing known vulnerabilities?

By downloading signatures that match known vulnerabilities to block potential threats (A)

What feature was included in the audio control software discussed?

Debugging feature (B)

What is the purpose of a shim in the context of the text?

To fit between two objects (A)

How can malware authors take advantage of the Windows compatibility mode?

By inserting additional code into malware (A)

What is a key logger used for in the context of the text?

Gathering keystroke information (C)

What is the purpose of using refactoring in malware creation?

To create unique versions of malware (A)

How does a shim relate to putting malware onto a computer?

It provides a pathway for malware insertion (A)

What technique does metamorphic malware use to avoid detection by antivirus software?

Adding loops and pointless code strings (D)

How can an attacker use the key logger feature in audio control software?

To gather keystroke information (C)

What is the role of a shim in the Windows compatibility mode?

To run applications as if in a different operating system (C)

How do shims relate to malware insertion based on the text?

Shims provide a means for inserting malware onto a computer (B)

What is a zero day attack?

A type of attack that is unknown and has no signatures for detection (D)

How do attackers exploit hardware drivers in a system?

By exploiting the trust relationship between the drivers and the operating system (D)

What was the vulnerability associated with audio drivers on Hewlett-Packard systems in May 2016?

The presence of audio controls software that interacted maliciously with the driver (B)

Why are zero day attacks particularly challenging for antivirus software?

Because they exploit new vulnerabilities that have no signatures for detection (A)

How do attackers adapt to overcome antivirus software's ability to stop known vulnerabilities?

By creating new types of attacks that are not recognized by existing signatures (D)

What role do hardware drivers play in a malware attack on a computer system?

They serve as an intermediary between hardware and software, making them vulnerable conduits (A)

What does a key logger included in the audio control software allow an attacker to do?

Record and gather information on keystrokes typed on the computer (A)

How does refactoring help malware authors evade detection by antivirus software?

Reorders functions within the malware (A)

What is the purpose of using a shim in the context of Windows compatibility mode?

Run applications as if they are in a different operating system (C)

How can an attacker exploit the compatibility mode feature in Windows to elevate user privileges?

By adding no op instructions to malware (B)

What is the main purpose of a shim in the context of the text?

Fit into a gap between different objects (A)

Why do malware authors use metamorphic malware when creating malicious programs?

To create unique versions of malware that evade detection (C)

In what way can malware authors utilize the shimmed area to infiltrate a computer system?

By introducing malware through shim cache information transfer (C)

How does a key logger in audio control software demonstrate vulnerabilities in driver security?

Key loggers can gather sensitive information without detection (A)

Why is refactoring commonly used by malware authors in creating new malicious programs?

'Refactoring' helps create unique versions of malware to bypass antivirus detection (C)

How does using a shimmed area allow malware authors to circumvent security features in Windows systems?

By inserting malware through areas like compatibility mode cache (A)