December 15, 2022
CISSP Study Guide: Logic Bombs, Trojan Horses and Active Content
December 15, 2022
Logic Bombs: Logic bombs are malicious code that corrupt a system but are dormant until they’re activated by the occurrence of one or more logical conditions, and deliver malicious payload to unsuspecting computer users. Simple logic bombs may be triggered according to system date or time while others may use more advanced specifications such as the removal of a file or user account, or the changing of permissions and access controls. Many viruses and Trojan horses, such as the famous Michelangelo virus, contain a logic bomb component.
Trojan Horses: A trojan horse takes a piece of malicious code and conceals it. Some Trojan horses are fairly benign while others wipe out all the data on a system causing extensive damage in a short period of time. Back Orifice is a well-known Trojan horse for the Windows operating system. To release Back Orifice onto a system, an attacker places Back Orifice within the installation package of a useful application or utility. When an unknowing user installs the useful application or utility they also install Back Orifice, now running in the background and gives the malicious attacker remote administrative access to the target computer.
Active Content: Active content on websites users visit is another course of attack. The delivery of active content is dependent on web applications that are downloaded to users’ computers for execution. These applications are based on technologies like Java applets and ActiveX controls. This minimizes the load on the web server and increases response time. However an unaware user may download malicious active content, known as hostile applets, from a mistrusted source and allow it to run on their systems, resulting in a major vulnerability. These hostile applets can inflict a range of damage, including a denial of service attack that eats up system resources or the theft and/or destruction of data. Most web browsers require the user to allow the active content to be automatically downloaded, installed, and executed from trusted sites. However, a policy should be put in place to ensure the proper user control of active content.
What is Spyware?
Spyware applications are usually similar in deployment to Trojan horses. They are installed when an unsuspecting user downloads and installs a free application from the Internet. However, more advanced spyware applications could be installed onto a user’s computer when the user uses a browser that is vulnerable to visit an untrusted website. Defenses against spyware include not downloading or installing adware-supported applications, and applying the latest security patches for the operating system as well as the browser, or switching to a more secure browser.
SQL Injection and Malicious Users
Creators of applications that require user input should be cognizant of malicious users who target and exploit possible vulnerabilities in the protocol or application. An example is malformed input or SQL injection targeted at database applications. An attacker can attempt to introduce database or SQL commands to disrupt the normal operation of the database. This could cause the database to malfunction and leak information. Here, the attacker searches for web applications in which to insert SQL commands. They use logic, such as 1 = 1– or a single quote, to test the database for vulnerabilities. Feedback from the database application shows the database is susceptible to attack. These forms of attacks can be thwarted by applying pre-validation, post-validation, and client-side validation.
Let's build your cybersecurity career together
Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.
2,000+learning activities led by highly experienced cybersecurity professionals