Teardrop Attack in Computer Security

Created by
@HumbleSatyr

Questions and Answers

What is the primary goal of a Teardrop Attack?

To crash or halt the system

What does the hacker send to the victim system in a Teardrop Attack?

A fragmented message

What happens to the victim system when it attempts to reconstruct the fragmented message?

It halts or crashes

What is the nature of the vulnerability exploited in a Teardrop Attack?

Vulnerability in fragment reassembly code

What type of attack is a Teardrop Attack classified as?

Denial-of-Service (DoS) attack

What is a characteristic of spyware?

It is usually used for targets of choice.

What is an example of a form of spyware?

Web cookies

What is a legal use of spyware?

To monitor employees

What is a characteristic of rootkits?

It is a collection of hacking tools.

What is a characteristic of malicious web-based code?

It is portable on all operating systems.

How does antivirus software operate?

By scanning for virus signatures and watching the behavior of executables

What is an example of anti-spyware software?

www.webroot.com

What is the purpose of keeping the signature file updated in antivirus software?

To detect new viruses

What is a common way to avoid getting infected by viruses?

Using a virus scanner

What can a Trojan horse do to a system?

Download harmful software and install a key logger

What is the result of a buffer overflow attack?

Valid data is overwritten and arbitrary code can be executed

Why should company policy prohibit unauthorized downloads?

To avoid downloading Trojan horses

What is a characteristic of a competent programmer who crafts a Trojan horse?

They can craft a Trojan horse to appeal to a certain person or demographic

What is the purpose of a code word for safe attachments from friends?

To identify safe attachments from friends

What can a virus do to a system?

Cause execution of arbitrary code

What is the result of writing data beyond the allocated end of a buffer?

Valid data can be overwritten

What is a characteristic of a computer virus?

It is a type of malware that self-replicates

How do viruses typically spread through a network?

By finding a network connection and copying itself to other hosts

What is a common method of virus propagation through email?

By sending itself to everyone in the host's address book

Why is Microsoft Outlook a popular target for viruses?

Because it is easy to work with and can be programmed to send emails covertly

What is a type of malware that disguises itself as a legitimate program?

Trojan horse

What is a buffer overflow attack?

A type of attack that exploits a buffer overflow vulnerability

What is spyware?

A type of malware that steals user data

What is the primary goal of defending against malware attacks?

To prevent the spread of malware

Study Notes

Malware

  • Malware requires more technical knowledge and is usually used for targets of choice.
  • It must be tailored to specific circumstances and deployed.

Spyware

  • Forms of spyware include web cookies and key loggers.
  • Legal uses of spyware include monitoring children's computer use and employee monitoring.
  • Illegal uses of spyware involve covert deployment.
  • Free spyware removal software is available.

Other Forms of Malware

  • A rootkit is a collection of hacking tools that can:
    • Monitor traffic and keystrokes
    • Create a backdoor
    • Alter log files and existing tools to avoid detection
    • Attack other machines on the network

Malicious Web-Based Code

  • Web-based mobile code is portable on all operating systems and can spread quickly on the web.
  • Poorly scripted code can result in vulnerabilities.

Detecting and Eliminating Viruses and Spyware

  • Antivirus software operates in two ways:
    • Scans for virus signatures and keeps the signature file updated
    • Watches the behavior of executables, such as attempts to access the email address book or change registry settings
  • Anti-spyware software is available from websites like webroot.com, spykiller.com, zerospy.com, and spectorsoft.com

Viruses

  • A computer virus self-replicates and spreads rapidly, and may or may not have a malicious payload.
  • Viruses can spread through:
    • Network connections
    • Email, using Microsoft Outlook or other email engines
    • Web site delivery, relying on end-user negligence
  • Multiple vectors for a virus are becoming more common.
  • Rules for avoiding viruses include:
    • Using a virus scanner
    • Not opening questionable attachments
    • Using a code word for safe attachments from friends
    • Not believing "Security Alerts"

Trojan Horses

  • A Trojan horse is a program that looks benign but is not, and can:
    • Download harmful software
    • Install a key logger
    • Open a back door for hackers
  • Company policy should prohibit unauthorized downloads.

The Buffer Overflow Attack

  • A buffer overflow attack occurs when a program writes data beyond the allocated end of a buffer, causing valid data to be overwritten.
  • This can cause execution of arbitrary (and potentially malicious) code.
  • A buffer overflow attack can be prevented by using security patches and keeping software up-to-date.
