These vocabulary flashcards summarize the core terms, attack techniques, malware categories, historical examples, and key advantages/disadvantages discussed in the lecture on malicious attacks and security.
Malicious Attack
A deliberate attempt to breach a system, network, or organization to cause harm, steal data, disrupt operations, or gain unauthorized access.
Intentional (Attack Characteristic)
Indicates the act is planned and purposeful, not accidental.
Unauthorized (Attack Characteristic)
The attacker lacks permission to access the targeted system or data.
Destructive (Attack Characteristic)
Involves deleting, corrupting, or exploiting data and resources once access is gained.
Phishing
A social-engineering attack that sends fake emails, texts, or calls posing as trusted sources to trick users into revealing sensitive information.
SQL Injection
An attack that inserts malicious SQL code into input fields to manipulate a database and access or modify data.
Birthday Attack
A cryptographic attack that exploits the birthday paradox to find hash collisions faster than brute force.
Birthday Paradox
Probability concept showing that in a group of 23 people there’s a high chance two share a birthday; foundation for birthday attacks.
Brute-Force Attack
Method of trying all possible passwords or keys until the correct one is found; guaranteed success but time-consuming.
Dictionary Attack
Password-cracking method that tests words from a pre-compiled list of common or meaningful passwords.
IP Addressing Attack
Hacking technique that exploits weaknesses tied to IP addresses, often masking the attacker’s true location with VPNs or proxies.
Spoofing
Act of falsifying data to impersonate another device or person to gain access, steal information, or distribute malware.
Hijacking (Session Hijack)
Taking control of a user’s active session or token to access accounts without credentials.
Replay Attack
Intercepting and resending valid data transmissions to trick a system into granting unauthorized access.
Man-in-the-Middle (MITM) Attack
An attacker secretly relays or alters communication between two parties who believe they are directly connected.
Masquerading
Impersonating a legitimate user, device, or system to bypass authentication and gain unauthorized privileges.
Eavesdropping (Sniffing)
Secretly intercepting and monitoring network traffic to collect sensitive data without altering it.
Social Engineering
Psychological manipulation of people to reveal confidential information or perform insecure actions.
Phreaking
Manipulating telephone systems (1960s-70s) with sound tones to make free calls or access restricted services.
Pharming
Redirecting users to fraudulent websites via DNS manipulation to harvest credentials—“phishing without a lure.”
Malware
Any software intentionally designed to harm, exploit, or disable computers, networks, or data.
Virus
Malware that attaches to legitimate files or programs and replicates when the host is run (e.g., ILOVEYOU).
Worm
Standalone malware that replicates across networks without a host file, often overloading systems (e.g., Morris Worm).
Trojan Horse
Malware disguised as legitimate software that, once installed, opens backdoors or steals data (e.g., Zeus).
Rootkit
Stealth toolset that hides malware and provides persistent privileged access while avoiding detection.
Spyware
Malware that secretly collects user data, keystrokes, or browsing habits without consent (e.g., CoolWebSearch).
Social Engineering Attack Category
Group of attacks exploiting human trust (e.g., phishing, text-scam) rather than technical vulnerabilities.
Wireless Network Attack
Exploits vulnerabilities in Wi-Fi or other wireless protocols to intercept data, set up rogue APs, or perform DoS (e.g., KRACK).
Web Application Attack
Targets flaws in website code—such as SQLi or XSS—to steal data or hijack accounts (e.g., Yahoo breach).
KRACK (Key Reinstallation Attack)
2017 WPA2 vulnerability allowing attackers within Wi-Fi range to decrypt and intercept supposedly secure traffic.
WannaCry
2017 ransomware outbreak that encrypted files on hundreds of thousands of systems and demanded Bitcoin payment.
ILOVEYOU Virus
Year-2000 email virus that overwrote files and caused over $10 billion in global damages.
Morris Worm
1988 worm that disrupted ARPANET, illustrating the power of self-replicating code.
Zeus Trojan
Banking Trojan (2007-2010) that stole online credentials, leading to large-scale financial theft.
Sony BMG Rootkit
2005 DRM software that secretly installed a rootkit on users’ PCs, sparking legal backlash.
CoolWebSearch
Early-2000s spyware that hijacked browsers, changed settings, and tracked users for ad revenue.
Access to Sensitive Data (Attacker Advantage)
Benefit where attackers obtain confidential information such as financial records or intellectual property.
Data Loss or Theft (Victim Disadvantage)
Primary harm of malicious attacks—confidential or personal data is stolen, deleted, or leaked.
Hash Collision
Situation where two different inputs produce the same hash value; exploited in birthday attacks.
MD5
Outdated hash function vulnerable to collisions, making it susceptible to birthday attacks.