2.3 Malware Detection, Removal and Prevention

Question 1

Define social engineering

Answer 1

Any attempt to manipulate users to reveal confidential information or perform actions detrimental to a system’s security

Question 2

Phishing

Answer 2

A social engineering attack where the malicious actor communicates with he victim from a supposedly reputable source to lure the victim into divulging sensitive information

Question 3

What can the response rate be up to for generic phishing campaigns?

Answer 3

60-70% (with good grammar)
30-40% (with bad grammar)

Question 4

Spearphishing

Answer 4

A more targeted version of phishing using mainly the same techniques

Question 5

Whaling

Answer 5

Focused on key executives within an organisation or other key leaders, executives and managers in the company

Question 6

What is the most effective form of phishing in a pentest?

Answer 6

Whaling

Question 7

Smishing

Answer 7

Phishing over SMS

Question 8

Vishing

Answer 8

Message being communicated to the target using the voice functions of a telephone

Question 9

BEC

Answer 9

An attacker takes over or impersonates a high-level executive’s email account

Question 10

Pharming

Answer 10

Tricking users into divulging private information by redirecting a victim to a website controlled by the attacker or pentester

Question 11

How can attackers execute pharming?

Answer 11

Redirects, popups, URL masking, background processes

Question 12

Malware

Answer 12

Software that is designed to infiltrate and damage a system

Question 13

Boot sector virus

Answer 13

Viruses stored in the first sector of a hard drive and loaded into memory upon boot

Question 14

Macro (virus)

Answer 14

Virus embedded into a document and executed when the document is opened

Question 15

Why is it called a macro?

Answer 15

Because it is written in the same macro language used to create software programs (e.g. Excel, Word)

Question 16

Program virus

Answer 16

Viruses that seek out executables or applications to infect

Question 17

When are program viruses launched?

Answer 17

When the program is installed or executed.

Question 18

Name three ways program viruses can infect a computer.

Answer 18

CD, removable media, email

Question 19

Multipartite

Answer 19

A virus that combines boot and program viruses to attach to boot sector and system files before attacking other files on the computer

Question 20

How do multipartite viruses propagate?

Answer 20

Through compromised files, downloads, or bootable media

Question 21

Self-encryption

Answer 21

When a virus uses a cipher to encrypt its contents and avoid detection by AV software

Question 22

Polymorphic

Answer 22

Advanced encrypted virus that changes the code after every infection, varying encryption keys to avoid detection

Question 23

Metamorphic

Answer 23

Viruses able to rewrite their own code entirely without an encryption key

Question 24

Stealth

Answer 24

A broad category to describe any virus that attacks while trying to avoid detection by AV software

Question 25

How do stealth viruses avoid detection?

Answer 25

It copies itself between files and replaces itself with a "clean" file

Question 26

Armored

Answer 26

A virus designed to conceal the code by encrypting the payload, making it difficult to detect and analyse

Question 27

Hoax

Answer 27

A warning about a nonexistent computer virus designed to trick a user into infecting their own machine

Question 28

Worm

Answer 28

A standalone malware program that replicates itself on a network in order to spread to other users

Question 29

Trojan

Answer 29

A type of malware disguised as a legitimate program

Question 30

How does ransomware gain access to a computer to encrypt files?

Answer 30

By using vulnerabilities in the software

Question 31

Spyware

Answer 31

Malware that secretly gathers information about the user without their consent

Question 32

Adware

Answer 32

Malicious software that secretly installs itself onto a device and displays unwanted advertisements and popups.

Question 33

Grayware

Answer 33

Applications or files that are not classified as malware but can worsen the performance of computers and/or cause security risks

Question 34

Rootkit

Answer 34

Software designed to gain admin level control over a system without detection, often made up of a collection of certain tools

Question 35

Name three ways rootkits can be downloaded onto a computer

Answer 35

- DLL Injection - Driver Manipulation - Shim

Question 36

Shim

Answer 36

A piece of software code that is placed between two components to intercept API calls and redirect them

Question 37

Driver manipulation

Answer 37

Compromising the kernel-mode device drivers that operate at a privileged or system level

Question 38

DLL Injection

Answer 38

Malicious code is inserted into a running process on a Windows machine by taking advantage of DLL libraries that are loaded at runtime

Question 39

DLL

Answer 39

Dynamic Link Library

Question 40

Zombie

Answer 40

A computer connected to the internet that has been compromised by a hacker

Question 41

Botnet

Answer 41

A collection of compromised computers under the control of a master node

Question 42

DDoS

Answer 42

Many machines targeting a single victim at the same time

Question 43

If you are looking at files and folders, what are some symptoms that a PC might be infected?

Answer 43

- Hard drives/files/applications no longer accessible - Double file extensions being displayed - New files/folders created - Files/folders missing or corrupted

Question 44

Give five symptoms (not related to files) that may indicate an infected computer

Answer 44

- Strange noises - Unusual error messages - Display looks strange - Jumbled printouts - System Restore won't function

Question 45

List the seven steps of removing malware

Answer 45

1. Identify the symptoms of a malware infection 2. Quarantine the infected systems 3. Disable System Restore 4. Remediate the infected system 5. Schedule automatic updates and scans 6. Enable System Restore and create a new restore point 7. Provide end user security awareness training

Question 46

How do you scan a computer for a boot sector virus?

Answer 46

Reboot the computer from an external device and scan it; then remove the hard drive and connect as a secondary drive to a clean workstation and scan it also

Question 47

What three types of malware are best detected with anti-malware solutions?

Answer 47

Worms, trojans and ransomware

Question 48

Give two simple protections against malware

Answer 48

Updating OS regularly and having a good host-based firewall.

Question 49

Give three steps for protecting against malware sent over email

Answer 49

1. Remove email addresses from website 2. Use allowlist and blocklists 3. Train and educate end users

Question 50

Give three steps for protecting against downloadable malware

Answer 50

1. Update your anti-malware software automatically and scan your computer 2. Update and patch the operating system and applications regularly 3. Educate and train end users on safe internet surfing practices

Question 51

What are two ways email servers should not be configured?

Answer 51

Open mail relays/SMTP open relays

Question 52

What is the best firewall setup?

Answer 52

Personal software-based and a network-based (preferably hardware) to provide two layers of protection

Question 53

What is iptables?

Answer 53

A firewall utility for Linux operating systems

Question 54

Briefly overview how iptables works.

Answer 54

It compares network traffic against a set of rules and rejects packets that don't match the rules