Malware

Question 1

Malware is….

Answer 1

Any software that has been created to damage, disable, or produce an unwanted condition within a computer system.

Question 2

A virus is…

Answer 2

Intentionally malicious code

Question 3

Worm

Answer 3

Self-replicating

Question 4

Trojan

Answer 4

Malware hidden in legitimate files

Question 5

RAT

Answer 5

Remote access trojan

Question 6

Keylogger

Answer 6

Logs keystrokes and sends to a controller for credential theft

Question 7

Rootkit

Answer 7

Parts of or the entire bootloader has changed

Question 8

What defeats rootkits?

Answer 8

Secure boot

Question 9

Firmware Rootkit

Answer 9

Operates lower than a bootloader. Overwrites the firmware of the BIOS so that the malware is persisted before the bootloader starts.

Question 10

Kernel Rootkit

Answer 10

Malicious drivers/kernel modules

Question 11

Application rootkit

Answer 11

Modification of regular files to hide malicious activity

Question 12

Memory rootkit

Answer 12

FIleless process running in memory.

Question 13

Backdoor

Answer 13

Persistent control of a system by offering recurring access to an attacker.

Question 14

Ransomware.\

Answer 14

Encrypts a victims files

Question 15

File wipers

Answer 15

Destructive malware that destroys or corrupts files.

Question 16

Who are you defending against in malware?

Answer 16

A human adversary, not a piece of software.

Question 17

What was the first worm to garner public attention?

Answer 17

The morris worm

Question 18

When was the morris worm created?

Answer 18

1988

Question 19

Who created the morris worm?

Answer 19

Robert Tappan Morris

Question 20

What was Morris charged with?

Answer 20

Computer Fraud and Abuse Act.

Question 21

Stuxnet.

Answer 21

The first digital weapon, used to target an Iranian nuclear facility in 2010

Question 22

WannaCry

Answer 22

Widespread ransomware worm in 2017

Question 23

NotPetya

Answer 23

Ransomware by Russian military against Ukraine in 2017

Question 24

What are the two types of ransomware encryption techniques?

Answer 24

Hard coded keys - key is easily discoverable.
Client generated keys - Still easily discoverable, but key is not reusable to decrypt all infections.
Key -> server - Generate key during infection, and send to server for storage. Hard to discover.
Bake public key into ransomware & store private on server
Bake public key into the client & don’t store any keys (send to server
Use a hybrid - best of all worlds

Question 25

Two ways to analyze malware

Answer 25

Static analysis - the file Dynamic Analysis - behavior

Question 26

What is fingerprinting?

Answer 26

Obtaining a hash of the malicious binary

Question 27

What is string extraction?

Answer 27

Look for malicious strings (IP, URL, etc.)

Question 28

What is Packer Analysis

Answer 28

Looking for packed files that are hidden in other files

Question 29

What is disassembly/decompilation?

Answer 29

Analyzing the files manually to look for malicious code.

Question 30

YARA Rules

Answer 30

Schema to classify malware through text-based rules.

Question 31

Machine Learning for malware analysis

Answer 31

Corpus - the set of malware trained.

Question 32

Defined Point Analysis (Dynamic)

Answer 32

Malware is executed on a system with a known state.

Question 33

Runtime behavior analysis (Dynamic)

Answer 33

Observe the behavior directly in a sandboxed environment.

Question 34

What does modern malware do to manage its keys?

Answer 34

Generates a client key and uses a hardcoded server public key. This is known as the hybrid method.

Question 35

What time of malware is used for cryptomining and DDoS attacks?

Answer 35

Botnets

Question 36

When statically analyzing malware using machine learning, was must be done to the malware file before the ML model makes a decision?

Answer 36

FX

Question 37

What malware was the first digital weapon?

Answer 37

Stuxnet