Exam Objectives Fast Track

Malicious Code

  • Malicious code can be simply defined as programming language code used or created in a malicious manner. Code is the nickname assigned to a program written in languages such as (but not limited to) C, C++, Java and Fortran.

  • The most widely used term for malicious code is malware. Malware is code that has been specifically written to be malicious.

  • Viruses are programs that are usually installed without the user's awareness and perform undesired actions that are often harmful or annoying. Viruses replicate themselves, infecting other systems by writing themselves to any diskette that is used in the computer or sending themselves across the network.

  • A worm is a program that can travel across a network from one computer to another. Sometimes different parts of a worm run on different computers. Worms are able to create multiple copies of themselves and spread throughout a network without any user intervention.

  • Trojan horse applications are programs that appear to be legitimate or innocent but actually do something else in addition to or instead of their ostensible purposes.

Network Exploits

  • The purpose of a Denial of Service attack is to render a network inaccessible by generating a type or amount of network traffic that crashes the servers, overwhelms the routers, or otherwise prevents the network's devices from functioning properly.

  • Distributed DoS (DDoS) attacks use intermediary computers, called agents, on which programs called zombies have previously been surreptitiously installed. The hacker activates these zombie programs remotely, causing the intermediary computers (which can number in the hundreds or even thousands) to simultaneously launch a DoS attack.

  • SYN attacks exploit the TCP "three-way handshake," the process by which a communications session is established between two computers.

  • The Ping of Death attack is launched by creating an IP packet larger than 65,536 bytes, which is the maximum allowed by the IP specification. This packet can cause the target system to crash, hang, or reboot.

  • IP spoofing involves changing the packet headers of a message to indicate that it came from an IP address other than the true source. In essence, the sending computer impersonates another machine, fooling the recipient into accepting its messages, which would otherwise be filtered out.
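
The Ping of Death bullet above describes an IP datagram larger than the protocol allows. A single IPv4 packet cannot even express such a length (the Total Length field is 16 bits), so the oversize only appears when fragments are reassembled, and that is where a defender checks for it. Below is an added example, not from the study guide, of the per-fragment bounds check an IDS or hardened IP stack applies before reassembly; the Fragment class, the check functions and the sample fragments are constructed for this illustration.

```python
from dataclasses import dataclass

IPV4_MAX_TOTAL_LEN = 65535  # 16-bit Total Length field: header + data
IPV4_MIN_HEADER = 20        # IPv4 header without options
MAX_DATA = IPV4_MAX_TOTAL_LEN - IPV4_MIN_HEADER  # 65515 bytes of reassembled data


@dataclass(frozen=True)
class Fragment:          # constructed stand-in for the relevant IPv4 header fields
    ident: int           # Identification: shared by all fragments of one datagram
    offset: int          # Fragment Offset: 13-bit field, in units of 8 bytes
    more: bool           # MF flag: more fragments follow this one
    payload_len: int     # data bytes carried by this fragment


def fragment_end(frag):
    """Byte position just past this fragment's data in the reassembled datagram."""
    return frag.offset * 8 + frag.payload_len


def check_datagram(parts):
    """Verdict for one datagram's fragments: 'oversized', 'complete' or 'incomplete'."""
    # Judge each fragment on its own, before any buffer is allocated: data that
    # would land past the 16-bit limit is the Ping of Death pattern, regardless
    # of which other fragments have arrived.
    if any(fragment_end(p) > MAX_DATA for p in parts):
        return "oversized"
    covered = 0
    for p in sorted(parts, key=lambda p: p.offset):
        if p.offset * 8 > covered:      # hole: a fragment is still missing
            return "incomplete"
        covered = max(covered, fragment_end(p))
    last = [p for p in parts if not p.more]
    return "complete" if last and fragment_end(last[0]) == covered else "incomplete"


def check_reassembly(frags):
    """Group fragments by Identification and return {ident: verdict}."""
    by_id = {}
    for f in frags:
        by_id.setdefault(f.ident, []).append(f)
    return {ident: check_datagram(parts) for ident, parts in by_id.items()}


# Constructed sample traffic: a normal 3-fragment datagram (ident 1), a Ping of
# Death whose final fragment starts near the maximum offset (ident 2), and a
# datagram still waiting for fragments (ident 3).
SAMPLE = [
    Fragment(1, 0, True, 1480), Fragment(1, 185, True, 1480), Fragment(1, 370, False, 100),
    Fragment(2, 0, True, 1480), Fragment(2, 8189, False, 1480),
    Fragment(3, 0, True, 1480),
]
```

Running `check_reassembly(SAMPLE)` flags ident 2 as oversized because its last fragment would place data at byte 66992, past the 65515 bytes a legal datagram can carry.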

Application Exploits

  • An application-based exploit is an exploit of an application or operating system. Typical causes of an application-based exploit would be poor coding, back doors, bugs and/or mistakes.

  • Back doors are by far the worst of all poor coding offenses. A back door is a way left in the code for the programmer to get back into the system or program behind the normal methods provided with the final release of the software.

Social Engineering

  • Social engineering is defined as obtaining confidential information by means of human interaction.

Reconnaissance Attacks

  • A sniffer is a tool that enables a machine to eavesdrop on all packets that are passing over the wire (or through the air on a wireless network), even the ones not destined for that host. This is a very powerful technique for diagnosing network problems, but it can also be used maliciously to scan for passwords, e-mail, or any other type of data sent in the clear.

  • The term port scanner refers to a software program that hackers use to remotely determine what TCP/UDP ports are open on a given system and thus vulnerable to attack.

  • A total of 65,535 TCP ports (and the same number of UDP ports) are used for various services and applications.

Antivirus Software

  • Antivirus software is used to detect and help repair malware problems located on your network and systems.

  • AV software companies can look for viruses that are known and have a scannable signature. This leads to a "fail-open" model: a virus is allowed to pass undetected if the AV software is not yet aware of its signature.

  • Security holes in Web browsers are found with such a high frequency that it is really foolish to surf the Web without disabling Active Scripting, JavaScript, ActiveX, Java, and so on.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135
