Chapter 3

Refer to Chapter 3 - Slides 50 - Application Attacks
A buffer overflow occurs when data goes beyond the limits of a buffer. Buffers are memory areas allocated to an application. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or provide escalation of privileges.

Refer to Chapter 3 - Slides 12 - Type of Malware
A rootkit modifies the operating system to create a backdoor. Attackers then use the backdoor to access the computer remotely. Most rootkits take advantage of software vulnerabilities to perform privilege escalation and modify system files. Privilege escalation takes advantage of programming errors or design flaws to grant the criminal elevated access to network resources and data. It is also common for rootkits to modify system forensics and monitoring tools, making them very hard to detect. Often, a user must wipe and reinstall the operating system of a computer infected by a rootkit.

Refer to Chapter 3 - Slides 11 - Type of Malware
Ransomware holds a computer system, or the data it contains, captive until the target makes a payment. Ransomware usually works by encrypting data in the computer with a key unknown to the user. The user must pay a ransom to the criminals to remove the restriction.
Some other versions of ransomware can take advantage of specific system vulnerabilities to lock down the system. Ransomware propagates as a Trojan horse and is the result of a downloaded file or some software weakness.
Payment through an untraceable payment system is always the criminal’s goal. Once the victim pays, the criminal supplies a program that decrypts the files or sends an unlock code. 

Refer to Chapter 3 - Slides 12 - Type of Malware
A backdoor refers to the program or code introduced by a criminal who has compromised a system. The backdoor bypasses the normal authentication used to access a system. A few common backdoor programs are Netbus and Back Orifice, which both allow remote access to unauthorized system users. The purpose of the backdoor is to grant the cyber criminals future access to the system even if the organization fixes the original vulnerability used to attack the system. Usually, criminals have authorized users unknowingly run a Trojan horse program on their machine to install the backdoor.

Refer to Chapter 3 - Slides 39 - Wireless and Mobile Attacks
SMiShing is short for SMS phishing. It uses Short Message Service (SMS) to send fake text messages. The criminals trick the user into visiting a website or calling a phone number. Unsuspecting victims may then provide sensitive information such as credit card information. Visiting a website might result in the user unknowingly downloading malware that infects the device.

Refer to Chapter 3 - Slides 9 - Type of Malware
A logic bomb is a malicious program that uses a trigger to awaken the malicious code. For example, triggers can be dates, times, other programs running, or the deletion of a user account. The logic bomb remains inactive until that trigger event happens. Once activated, a logic bomb implements a malicious code that causes harm to a computer. A logic bomb can sabotage database records, erase files, and attack operating systems or applications. Cybersecurity specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server including the cooling fans, CPU, memory, hard drives and power supplies. The logic bomb overdrives these devices until they overheat or fail.

Refer to Chapter 3 - Slides 15 - Email and Browser Attacks
Adware typically displays annoying pop-ups to generate revenue for its authors