Which of the following is described as an attack against an application using a malicious file?
A. Client side attack
B. Spam
C. Impersonation attack
D. Phishing attack
Explanation:
In this question, a malicious file is used to attack an application. If the application is running on a client
computer, this would be a client side attack. Attacking a service or application on a server would be a
server side attack.
Client-side attacks target vulnerabilities in client applications that interact with malicious data. The
difference is that the client is the one initiating the bad connection.
Client-side attacks are becoming more popular. This is because server side attacks are not as easy as they
once were according to apache.org.
Attackers are finding success going after weaknesses in desktop applications such as browsers, media
players, common office applications and e-mail clients.
To defend against client-side attacks, keep application patch levels current, keep antivirus
software updated and keep authorized software to a minimum.
Incorrect Answers:
B: Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people
define spam even more generally as any unsolicited email. However, if a long-lost brother finds your
email address and sends you a message, this could hardly be called spam, even though it is unsolicited.
Real spam is generally email advertising for some product sent to a mailing list or newsgroup.
In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of network bandwidth.
Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to
fight spam with a variety of techniques. But because the Internet is public, there is really little that can be
done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have
instituted policies to prevent spammers from spamming their subscribers. The attack described in this
question is not an example of spam.
C: Impersonation is where a person, computer, software application or service pretends to be someone
it’s not. Impersonation is commonly used non-maliciously in client/server applications. However, it can
also be used as a security threat. However, the attack described in this question is not an example of
impersonation.
D: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used for
identity theft.
A phishing email will direct the user to visit a website where they are asked to update personal information,
such as a password, credit card, social security, or bank account numbers, that the legitimate organization
already has. The website, however, is bogus and set up only to steal the information the user enters on
the page.
Phishing emails are blindly sent to thousands, if not millions, of recipients. By spamming large groups of
people, the “phisher” counts on the email being read by a percentage of people who actually have an
account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait
is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. The
attack described in this question is not an example of spam.
http://blog.botrevolt.com/what-are-client-side-attacks/
http://www.webopedia.com/TERM/S/spam.html
http://www.webopedia.com/TERM/P/phishing.html