6. Malware

Question 1

Virus

Answer 1

Attach to clean files, spread, and corrupt host files without user knowledge

Question 2

Worms

Answer 2

Standalone program replicating and spreading to other computers

Question 3

Trojans

Answer 3

Disguise as legitimate software, granting unauthorized access

Question 4

Ransomware

Answer 4

Encrypts user data, demands ransom for decryption

Question 5

Zombies and Botnets

Answer 5

Compromised computers remotely controlled in a network for malicious purposes

Question 6

Rootkits

Answer 6

Hides presence and activities on a computer, and operates at the OS level.

Question 7

Backdoors and Logic Bombs

Answer 7

Backdoors allow unauthorized access, Logic bombs execute malicious actions when a certain condition is met.

Question 8

Keyloggers

Answer 8

Record keystrokes, capture passwords or sensitive information

Question 9

Spyware and Bloatware

Answer 9

Spyware monitors and gathers user/system information.
Bloatware consumes resources without value

Question 10

Boot Sector (Virus)

Answer 10

Stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up

Question 11

Macro (Virus)

Answer 11

A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

Question 12

Program (Virus)

Answer 12

Tries to find executables or application files to infect with malicious code

Question 13

Multipartite (Virus)

Answer 13

A combination of a boot sector and a program
Able to load every time the computer boots up
can install itself in a program where it can be run every time the computer starts.

Question 14

Encrypted (Virus)

Answer 14

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

Question 15

Polymorphic (Virus)

Answer 15

Advanced version of an encrypted virus, but instead of just encrypting the contents it will change the virus code each time it is executed by altering the decryption module for it to evade detection.

Question 16

Metamorphic (Virus)

Answer 16

Able to rewrite themselves entirely before it attempts to infect a given file

Question 17

Stealth (Virus)

Answer 17

A technique used to prevent the virus from being detected by the anti-virus software

Question 18

Armored (Virus)

Answer 18

Have a layer of protection to confuse a program or a person who’s trying to analyze it

Question 19

Hoax (Virus)

Answer 19

Form of technical social engineering that attempts to scare our end users

Question 20

Remote Access Trojan (RAT)

Answer 20

Malicious software disguised as a piece of harmless software that provides the attacker with remote control of a victim’s machine.

Question 21

Ransomware

Answer 21

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

Question 22

Ring 3 (Outermost Ring)

Answer 22

Where user level permissions are used

Question 23

Ring 0 (Innermost ring)

Answer 23

Kernel mode

Question 24

Ring 1

Answer 24

Admin or root user of an operating system

Question 25

DLL Injection

Answer 25

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library.

Question 26

Dynamic Link Library (DLL)

Answer 26

Collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development.

Question 27

Shim

Answer 27

A piece of software code that is placed between two components and that intercepts the calls between those components and can be used to redirect them.

Question 28

Stage 1 Dropper or Downloader

Answer 28

Piece of malware that is usually created as a lightweight shellcode
that can be executed on a given system

Question 29

Dropper

Answer 29

Specific malware type designed to initiate or run other malware
forms within a payload on an infected host

Question 30

Downloader

Answer 30

Retrieve additional tools post the initial infection facilitated by a
dropper

Question 31

Shellcode

Answer 31

Broader term that encompasses lightweight code meant to
execute an exploit on a given target

Question 32

Stage 2: Downloader

Answer 32

Downloads and installs a remote access Trojan to conduct
command and control on the victimized system

Question 33

9 indicators of malware attacks

Answer 33

Account Lockouts, Concurrent Session Utilization, Blocked Content, Impossible Travel, Resource Consumption, Resource Inaccessibility, Out-of-Cycle Logging, Missing Logs, Published or Documented Attacks