Malicious Code Types

Questions and Answers

What is the primary goal of pharming attacks?

• To wiretap email traffic
• To redirect users to a fake website and steal sensitive information (correct)
• To eavesdrop on network communications
• To steal credit card information

What is the term for attacks that originate from inside a business?

• Phishing attacks
• Cracker attacks
• Sniffing attacks
• Insider attacks (correct)

What is the term for malicious apps that contain adware?

• Madware (correct)
• Vishing
• Malware
• Smishing

What is the purpose of email wiretaps?

To record email traffic at the mail server (A)

What is the primary security risk associated with mobile platforms?

Same risks as any Internet device (D)

What is the term for a type of attack that targets merchant servers and uses stolen data to establish credit under false identities?

Credit card fraud/theft (A)

What is the primary characteristic of a virus?

It has the ability to replicate and spread to other files (D)

What is the term for a malicious code that can be covertly installed on one or more computers when attached to the Internet?

Bot (C)

What is the goal of phishing attacks?

To obtain confidential information for financial gain (B)

What is the term for a web site that seems legitimate but fools users into entering financial data?

Spoofing (A)

What is the term for exploiting human fallibility and gullibility to distribute malware?

Social engineering (C)

What is the result of a computer being infected with a bot?

It becomes a zombie (A)

Study Notes

Malicious Code

• Viruses: replicate and spread to other files, can be benign or destructive
• Worms: spread from computer to computer without activation needed
• Trojan horses: hide viruses or malicious code, e.g., fake links
• Drive-by downloads: malware comes with downloaded files requested by users
• Backdoors: allow remote access to compromised computers
• Bots and botnets: malware that responds to external commands, turning computers into "zombies"

Phishing and Scams

• Phishing: deceptive online attempts to obtain confidential info for financial gain
• Spear phishing: targets specific business customers
• Spoofing: creating fake websites to deceive users into entering financial data
• Email scams: fraudulent emails to obtain sensitive information
• Social engineering: exploiting human fallibility to distribute malware
• Identity theft: stealing personal info for financial gain

Data Breach and Fraud

• Data breach: losing control over corporate info to outsiders
• Credit card fraud/theft: hackers target merchant servers, establish credit under false identities
• Pharming: redirecting web links to fake sites, stealing info

Network and Device Security

• Sniffing: eavesdropping on network info, including email wiretaps
• Insider attacks: attacks from within a business (most frequent type of attack)
• Mobile platform security issues: same risks as any internet device
• Vishing: targeting cell phone users with verbal scams
• Smishing: exploiting SMS messages
• Madware: innocent-looking apps with adware

Cloud Security

• Cloud security issues: major issues with Dropbox, including username and password theft, and iOS app security holes
• DDoS attacks: threatening availability of cloud services

Description

Learn about different types of malicious code, including viruses, worms, Trojan horses, drive-by downloads, backdoors, and bots. Understand their characteristics and how they spread.