The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?
A. Zero-day attack
B. Known malware infection
C. Session hijacking
D. Cookie stealing
Explanation:
The vulnerability was unknown, in that the full antivirus scan did not detect it. This is a zero-day vulnerability.
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
Incorrect Answers:
B: This is not a known malware infection. The vulnerability was unknown because the full antivirus scan did not detect it. Therefore, this answer is incorrect.
C: In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer. This is not what is described in this question. Therefore, this answer is incorrect.
D: Cookie stealing is another name for session hijacking. In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer. This is not what is described in this question. Therefore, this answer is incorrect.
References:
http://www.pctools.com/security-news/zero-day-vulnerability/
http://en.wikipedia.org/wiki/Session_hijacking