CompTIA®A+ Practical Exam Notes : Common Security Threats


Go to latest A+ Exam Cram

3. Computer Security

3.1 Common security threats

1. A boot sector virus stays resident by infecting the boot sector of the computer

2. A Master boot record (MBR) virus infect the first physical sector of all affected disks

3. File viruses either replace or attach themselves to executable files, and most commonly found virus

4. Macro virus attaches itself to documents in the form of macros.

5. Memory viruses are viruses that execute and stay resident in memory. Trojan Horse is an example of memory virus.

6. A trojon is not a virus. The principal variation between a Trojan horse, or Trojan, and a virus is that Trojans don't spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the internet. Trojan may work as a client software on your computer communicating with the Trojan server over the Internet.

7. Social engineering is a skill that an attacker uses to trick an innocent person such as an employee of a company into doing a favor. For example, the attacker may hold packages with both the hands and request a person with appropriate permission to enter a building to open the door. Social Engineering is considered to be the most successful tool that hackers use.

8. Note that script files may include viruses hidden inside. Therefore, it is not wise to open any script file attachments such as file.scr or file.bat etc.

9. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, and other malicious and unwanted software.

10. A browser hijacker is a form of malware, spyware or virus that replaces the existing internet browser home page, error page, or search page with its own. These are generally used to force hits to a particular website.

Social Engineering involves following threats

1. Shoulder surfing: shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.

2. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they fill out a form, enter their PIN at an automated teller machine or a POS terminal, or enter a password at a cybercafe, public and university libraries, or airport kiosks

3. Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one's body or cupping one's hand.

4. Phishing phone calls: Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Social Engineering threats involve gaining trust of an employee or an insider of an organization. Once they've gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable. You may reduce the threat due to social engineering by treating all unsolicited phone calls with skepticism and not providing any personal information on such calls.

Previous    Contents    Next