Teardrop Attack in Computer Security

Questions and Answers

What is the primary goal of a Teardrop Attack?

• To steal sensitive information
• To spy on the user's activities
• To crash or halt the system (correct)
• To create a backdoor in the system

What does the hacker send to the victim system in a Teardrop Attack?

• A malicious executable file
• A large amount of data
• A fragmented message (correct)
• A virus-infected email

What happens to the victim system when it attempts to reconstruct the fragmented message?

• It halts or crashes (correct)
• It becomes faster and more efficient
• It starts behaving erratically
• It becomes slower but continues to function

What is the nature of the vulnerability exploited in a Teardrop Attack?

Vulnerability in fragment reassembly code (C)

What type of attack is a Teardrop Attack classified as?

Denial-of-Service (DoS) attack (D)

What is a characteristic of spyware?

It is usually used for targets of choice. (C)

What is an example of a form of spyware?

Web cookies (D)

What is a legal use of spyware?

To monitor employees (B)

What is a characteristic of rootkits?

It is a collection of hacking tools. (D)

What is a characteristic of malicious web-based code?

It is portable on all operating systems. (A)

How do antivirus software operate?

By scanning for virus signatures and watching the behavior of executables (B)

What is an example of anti-spyware software?

www.webroot.com (B)

What is the purpose of keeping the signature file updated in antivirus software?

To detect new viruses (C)

What is a common way to avoid getting infected by viruses?

Using a virus scanner (B)

What can a Trojan horse do to a system?

Download harmful software and install a key logger (C)

What is the result of a buffer overflow attack?

Valid data is overwritten and arbitrary code can be executed (B)

Why should company policy prohibit unauthorized downloads?

To avoid downloading Trojan horses (B)

What is a characteristic of a competent programmer who crafts a Trojan horse?

They can craft a Trojan horse to appeal to a certain person or demographic (A)

What is the purpose of a code word for safe attachments from friends?

To identify safe attachments from friends (C)

What can a virus do to a system?

Cause execution of arbitrary code (D)

What is the result of writing data beyond the allocated end of a buffer?

Valid data can be overwritten (B)

What is a characteristic of a computer virus?

It is a type of malware that self-replicates (C)

How do viruses typically spread through a network?

By finding a network connection and copying itself to other hosts (A)

What is a common method of virus propagation through email?

By sending itself to everyone in the host's address book (B)

Why is Microsoft Outlook a popular target for viruses?

Because it is easy to work with and can be programmed to send emails covertly (C)

What is a type of malware that disguises itself as a legitimate program?

Trojan horse (D)

What is a buffer overflow attack?

A type of attack that exploits a buffer overflow vulnerability (B)

What is spyware?

A type of malware that steals user data (D)

What is the primary goal of defending against malware attacks?

To prevent the spread of malware (B)

Study Notes

Malware

• Malware requires more technical knowledge and is usually used for targets of choice.
• It must be tailored to specific circumstances and deployed.

Spyware

• Forms of spyware include web cookies and key loggers.
• Legal uses of spyware include monitoring children's computer use and employee monitoring.
• Illegal uses of spyware involve covert deployment.
• There are free spyware removal software available.

Other Forms of Malware

• Rootkit is a collection of hacking tools that can:
  • Monitor traffic and keystrokes
  • Create a backdoor
  • Alter log files and existing tools to avoid detection
  • Attack other machines on the network

Malicious Web-Based Code

• Web-based mobile code is portable on all operating systems and can spread quickly on the web.
• Poorly scripted code can result in vulnerabilities.

Detecting and Eliminating Viruses and Spyware

• Antivirus software operates in two ways:
  • Scans for virus signatures and keeps the signature file updated
  • Watches the behavior of executables, such as attempts to access email address book or change registry settings
• Anti-spyware software is available from websites like webroot.com, spykiller.com, zerospy.com, and spectorsoft.com

Viruses

• A computer virus self-replicates and spreads rapidly, and may or may not have a malicious payload.
• Viruses can spread through:
  • Network connections
  • Email, using Microsoft Outlook or other email engines
  • Web site delivery, relying on end-user negligence
• Multiple vectors for a virus are becoming more common.
• Rules for avoiding viruses include:
  • Using a virus scanner
  • Not opening questionable attachments
  • Using a code word for safe attachments from friends
  • Not believing "Security Alerts"

Trojan Horses

• A Trojan horse is a program that looks benign but is not, and can:
  • Download harmful software
  • Install a key logger
  • Open a back door for hackers
• Company policy should prohibit unauthorized downloads.

The Buffer Overflow Attack

• A buffer overflow attack occurs when a program writes data beyond the allocated end of a buffer, causing valid data to be overwritten.
• This can cause execution of arbitrary (and potentially malicious) code.
• A buffer overflow attack can be prevented by using security patches and keeping software up-to-date.

Description

Learn about the teardrop attack, a type of denial-of-service attack where a hacker sends fragmented messages to a victim system, causing it to crash or halt. Understand how this attack works and its effects on computer systems.