PrepAway - Latest Free Exam Questions & Answers

Which of the following is MOST likely to be contained in the download?

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear.
After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is
MOST likely to be contained in the download?

A. Backdoor

B. Spyware

C. Logic bomb

D. DDoS

E. Smurf

Explanation:
Spyware is software that gathers information about a person or organization without their
knowledge and sends that information to another entity.
Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can
be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared,
corporate, or public computer intentionally in order to monitor users.
Incorrect Answers:
A: A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so
on, while attempting to remain undetected. The backdoor may take the form of an installed program
(e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor is not what is described in
this question.
C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious
function when specified conditions are met. For example, a programmer may hide a piece of code that
starts deleting files should they ever be terminated from the company. A logic bomb is not what is
described in this question.
D: A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a
single computer.
Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its
DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the
target IP address prior to release of the malware and no further interaction was necessary to launch the
attack. A DDoS attack is not what is described in this question.
E: A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet
broadcast address. These are special addresses that broadcast all received messages to the hosts
connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request
can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the
attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real
sender’s address. A single attacker sending hundreds or thousands of these PING messages per second
can fill the victim’s T-1 (or even T-3) line with ping replies, bringing the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to
steal information, but instead attempt to disable a computer or network. A smurf attack is not what is
described in this question.
