1.2 Malware Types

Question 1

This type of virus never actually gets installed and generally runs in your PCs memory. This makes it good at avoiding antivirus detection.

Answer 1

Fileless Virus

Question 2

What is MaaS?

Answer 2

Malware as a service

Question 3

What are two keylogger examples?

Answer 3

PAL Logger Pro
KeyGhost

Question 4

Password attack that involves a pre-built set of hashes that are generally different for each hashing method. This saves lots of time and storage space as it uses pre-calculated hash chains to increase probability of getting a match.

Answer 4

Rainbow Tables

Question 5

This type of malware masquerades as a real program or embeds itself into a real program in order to install backdoors or deliver a payload.

Answer 5

Trojan

Question 6

This type of malware involves the encryption of data files where which the attacker must be paid an ransom in order to receive the decryption key.

Answer 6

Cryptomalware / Ransomware

Question 7

This type of virus executes before the OS is even loaded on a PC.

Answer 7

Boot Sector Virus

Question 8

What kinds of issues can a worm cause on a target computer?

Answer 8

Consume Resources
Access Data
Waste CPU Cycles

Question 9

This type of program is often spyware or adware that can be easily caught and removed using programs like Malwarebytes. These programs can sometimes also be benign.

Answer 9

Potentially Unwanted Program (PUP)

Question 10

What is it called when you add random data to a password when it is hashed to prevent rainbow tables from cracking the password later?

Answer 10

Adding Salt

Question 11

Some apps store passwords in the clear/unencrypted. This type of password attack exploits these passwords.

Answer 11

Plaintext Password Attack

Question 12

What attack type is used against AI in order to fool AI trained to detect spam in its training data? This often results in the AI revealing data that would otherwise be confidential like SSNs.

Answer 12

Evasion Attacks

Question 13

What are 3 examples of a RAT?

Answer 13

Ghost
PlugX
Sakula

Question 14

What is the name for an artifact left behind by malware after carrying out an attack?

Answer 14

Indicator of compromise (IOC)

Question 15

This type of password attack involves the attacker using common passwords to try and log into an account. If they are unsuccessful they move on to the next account before the account gets locked out, preventing suspicion and alarms.

Answer 15

Spraying attack

Question 16

In a group of 23 people, what is the probability that two share the same birthday? For a class of 30?

Answer 16

50% and 70%

Question 17

This type of malware can gather data, display ads embedded with malware (malvertisements), and can often be found in P2P and bittorrent networks, and have the ability to infect smart devices as well.

Answer 17

Spyware and Adware

Question 18

How can an attacker confuse artificial intelligence and cause it to behave incorrectly?

Answer 18

Poisong the training data used for machine learning

Question 19

This type of password attack uses common dictionary words in order to crack passwords. The exploits the fact that passwords are created by humans and we use words for our passwords. This takes a lot of time and processing power. Useless against random character passwords.

Answer 19

Dictionary attacks

Question 20

What are the benefits and drawbacks to On-premesis security?

Answer 20

Benefits:

• Customize your own security posture
• On-site IT can manage security, uptime, and availability

Drawbacks:

• Local teams can be expensive and difficult to staff
• Security changes can take time

Question 21

What kinds of programs can a Trojan imitate?

Answer 21

Games
Utilities
Drivers/Patches/Updates
System upgrades
Freeware

Question 22

These types of packages are generally pre-built ransomware packages that can be purchased on the Dark web for a fee

Answer 22

Ransomware as a service

Question 23

This type of malware creates backdoors on target systems allowing an attacker to gain access to a system remotely through a C2 server in order to steal data or control said system.

Answer 23

Remote Access Trojan (RAT)

Question 24

This type of malware is self-replicating, requiring no human input in order to spread.

Answer 24

Worm

Question 25

This type of virus is OS, browser, or macro based and can use programs like powershell, command prompt, or MS Word to execute.

Answer 25

Script Virus

Question 26

What are the 5 campaign steps to a ransomware attack?

Answer 26

Install malware
Contact C&C server
Handshake
Encryption
Extortion

Question 27

This type of malware is used to log keystrokes and report them to a C2 server. Can be used maliciously or in a benign sense to track employees or family members.

Answer 27

Keylogger

Question 28

What are the best methods for protecting against a ransomware attack?

Answer 28

Keep an offline backup

Keep OS and apps up to date

Keep AV signatures up to date

Question 29

What are the two main ways to prevent your PC from becoming a bot?

Answer 29

Prevent initial infection

Prevent C&C communication if infected

Question 30

What type of attack involves the attacker receiving an encrypted peice of data and then using cryptography to crack the encryption?

Answer 30

Cryptographic

Question 31

What are some real-world examples of worms?

Answer 31

Sasser
ILOVEYOU
Conficker
Stuxnet

Question 32

The name for an instance when two different plaintext values share the same hash.

Answer 32

Collision

Question 33

This type of attack involves stealing credit card info at the point of sale via false card readers and cameras to capture PIN numbers.

Answer 33

Skimming

Question 35

This type of attack is only executed during a predefined event or if a particular set of paramaters are met (i.e. a major event, a number of mouse clicks, a particular time of day, etc.)

Answer 35

Logic Bomb

Question 36

This password attack involves simply trying all combinations until the required hash is met.

Answer 36

Brute Force

Question 37

What platform has recently become a target for RATs?

Answer 37

Mobile Devices

Question 38

This type of attack forces a target system to revert back to a lower level of encryption and security that may have more vulnerabilities. i.e. Downgrading from TLS to SSL 3.0

Answer 38

Downgrade attack

Question 39

What makes a USB cable malicious?

Answer 39

Has additional electronics inside that can deliver a payload

Question 40

What program is coined as the first form of ransomware introduced in 2005?

Answer 40

Gpcoder

Question 41

A group of infected computers working together and often reporting back to a C&C server to perform things like DDoS attacks, relay spam attacks, and distributed computing tasks like bitcoin mining.

Answer 41

Botnet

Question 42

What are the benefits and drawbacks to cloud security?

Answer 42

Benefits:

• Data is in a secure environment
• Cloud providers manage large-scale security
• Low downtime
• Scalable security options

Drawbacks:

• Third party data access
• Users must follow best practices
• Not as customizable

Question 43

Can a Trojan replicate itself?

Answer 43

No

Question 44

The general term for malware that can reproduce itself.

Answer 44

Virus

Question 45

This type of attack involves an attacker infecting a third party vendor, supplier, manufacturer, etc. which in turn is able to infect all entities which the third pary has ties with, eventually infecting the entire chain.

Answer 45

Supply Chain Attack

Question 46

This type of attack involves files and folders being encrypted and held for ransom with payments generally requested in crypto currency.

Answer 46

Ransomware

Question 47

What do you call a system that has been infected with malware (often in the background) that waits for instructions from a main C&C server?

Answer 47

Bot