Chapter 21 Malicious Code and Application Attacks

Domain 3, 7 & 8

Written Lab

  1. What is the major difference between a virus and a worm?

    Viruses require human intervention, such as sharing a file, network resource, or email message, to propagate. On the other hand, worms seek out vulnerabilities and spread from system to system under their own power, thereby greatly magnifying their reproductive capability, especially in a well-connected network.

  2. What are the actions an antivirus software package might take when it discovers an infected file?

    If possible, antivirus software may try to disinfect an infected file, removing the virus's malicious code. If that fails, it might either quarantine the file for manual review or automatically delete it to prevent further infection.

  3. Explain how a data integrity assurance package like Tripwire provides secondary virus detection capabilities.

    Data integrity assurance packages like Tripwire compute hash values for each file stored on a protected system. If a file infector virus strikes the system, this would result in a change in the affected file's hash value and would therefore trigger a file integrity alert.

  4. What controls may be used to protect against SQL injection vulnerabilities?

    Defending against SQL injection vulnerabilities requires a defense-in-depth approach. It may include the use of whitelisting and/or blacklisting input validation, stored procedures/parameterized queries, web application security scans, web application firewalls, and other controls.