Malware

Question 1

What is a Computer Virus?

Answer 1

Made up of malicious code that’s run on a machine without the user’s knowledge and allows the code to infect the computer whenever it has been run.

Computer viruses can lead to data corruption, loss, or unauthorized access to information.

Question 2

What is a Boot Sector Virus?

Answer 2

Stored in the first sector of a hard drive and is loaded into memory whenever the computer boots up.

Boot sector viruses can be particularly damaging as they can prevent the operating system from loading.

Question 3

What is a Macro Virus?

Answer 3

A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

Commonly found in documents created with applications like Microsoft Word.

Question 4

What does a Program Virus do?

Answer 4

Tries to find executables or application files to infect with their malicious code.

These viruses often spread through software downloads or installations.

Question 5

What is a Multipartite Virus?

Answer 5

A combination of a boot sector type virus and a program virus, able to place itself in the boot sector and install itself in a program.

This type of virus can be particularly difficult to remove due to its dual nature.

Question 6

What is an Encrypted Virus?

Answer 6

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software.

Encryption makes it harder for security software to recognize the virus.

Question 7

What is a Polymorphic Virus?

Answer 7

An advanced version of an encrypted virus that changes its code each time it is executed by altering the decryption module to evade detection.

Polymorphic viruses are more challenging to detect and remove than standard viruses.

Question 8

What is a Metamorphic Virus?

Answer 8

Able to rewrite themselves entirely before attempting to infect a given file.

This capability allows metamorphic viruses to evade detection even more effectively than polymorphic ones.

Question 9

What is a Stealth Virus?

Answer 9

A technique used to prevent the virus from being detected by antivirus software.

Stealth viruses can manipulate system resources to hide their presence.

Question 10

What is an Armored Virus?

Answer 10

Has a layer of protection to confuse a program or a person who’s trying to analyze it.

This protection can make it significantly more challenging for security experts to reverse-engineer the virus.

Question 11

What is a Hoax Virus?

Answer 11

A form of technical social engineering that attempts to scare users into taking undesirable actions on their system.

Hoax viruses often spread through emails or social media, misleading users about threats.

Question 12

What is a worm in the context of cybersecurity?

Answer 12

A piece of malicious software that can replicate itself without any user interaction

Worms operate autonomously to infect systems.

Question 13

How do worms replicate and spread?

Answer 13

They self-replicate and spread throughout your network without a user’s consent or action

This ability allows them to propagate rapidly.

Question 14

What are the two main dangers posed by worms?

Answer 14

• Infecting workstations and other computing assets
• Causing disruptions to normal network traffic

The constant replication attempts can overwhelm network resources.

Question 15

True or False: Worms require user interaction to spread.

Answer 15

False

Worms can spread without any action from users.

Question 16

What is a key characteristic of worms compared to viruses?

Answer 16

Worms can replicate themselves without user interaction

Unlike viruses, which often require user action to spread.

Question 17

Fill in the blank: Worms are best known for spreading far and wide over the internet in a _______.

Answer 17

[short amount of time]

Their rapid propagation can lead to widespread damage.

Question 18

What is a Trojan?

Answer 18

Piece of malicious software that is disguised as a piece of harmless or desirable software

Trojans are often used to trick users into installing them.

Question 19

What does RAT stand for?

Answer 19

Remote Access Trojan

RATs provide attackers with remote control of a victim machine.

Question 20

Why are Trojans commonly used by attackers today?

Answer 20

To exploit a vulnerability in your workstation and conduct data exfiltration, create backdoors, and perform other malicious activities

Attackers use Trojans for various malicious purposes, including stealing sensitive documents.

Question 21

Fill in the blank: A Remote Access Trojan (RAT) provides the attacker with _______.

Answer 21

remote control of a victim machine

Question 22

True or False: Trojans can maintain persistence on systems.

Answer 22

True

Trojans can create backdoors to ensure continued access to infected systems.

Question 23

What is ransomware?

Answer 23

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

Question 24

How can we protect ourselves and our organizations against ransomware? List at least three methods.

Answer 24

• Always conduct regular backups
• Install software updates regularly
• Provide security awareness training to your users
• Implement Multi-Factor Authentication (MFA)

Question 25

What should you do if you find yourself or your organization as the victim of a ransomware attack? Name one action.

Answer 25

Never pay the ransom.

Question 26

True or False: Paying the ransom guarantees that you will get your data back.

Answer 26

False.

Question 27

What is the first step to take if you suspect ransomware has infected your machine?

Answer 27

Disconnect it from the network.

Question 28

What should you do after disconnecting a machine infected with ransomware?

Answer 28

Notify the authorities.

Question 29

Fill in the blank: To recover from a ransomware attack, you should restore your data and systems from known good _______.

Answer 29

backups.

Question 30

What is a Botnet?

Answer 30

Network of compromised computers or devices controlled remotely by malicious actors ## Footnote Botnets can include a wide range of devices, from personal computers to IoT devices.

Question 31

What is a Zombie in the context of cybersecurity?

Answer 31

Name of a compromised computer or device that is part of a botnet ## Footnote Zombies perform tasks using remote commands from the attacker without the user's knowledge.

Question 32

What is the role of a Command and Control Node?

Answer 32

Computer responsible for managing and coordinating the activities of other nodes or devices within a network ## Footnote This node is crucial for the functioning of a botnet.

Question 33

List some uses of Botnets.

Answer 33

* As pivot points * Disguise the real attacker * To host illegal activities * To spam others by sending out phishing campaigns and other malware ## Footnote Botnets are often utilized for various malicious purposes, including data theft and distributed denial-of-service (DDoS) attacks.

Question 34

What is a rootkit?

Answer 34

Designed to gain administrative level control over a given computer system without being detected

Question 35

What are the different rings of permissions in a computer system?

Answer 35

Several different rings, including Ring 3 (User level permissions) and Ring 0 (Highest Permission Levels)

Question 36

What is Ring 3 in a computer system?

Answer 36

The outermost ring where user level permissions are used

Question 37

What is Ring 0 in a computer system?

Answer 37

The innermost or highest permission level, also known as kernel mode

Question 38

What is kernel mode?

Answer 38

Operating in Ring 0, allowing control over access to device drivers and other critical system resources

Question 39

What does kernel mode allow a system to control?

Answer 39

Access to things like device drivers, sound card, video display or monitor, and other similar things

Question 40

What technique do rootkits use to gain deeper access to a system?

Answer 40

DLL injection

Question 41

What is DLL Injection?

Answer 41

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

Question 42

Why are rootkits difficult to detect?

Answer 42

The operating system is essentially blinded to them

Question 43

What is the best way to detect rootkits?

Answer 43

Boot from an external device and scan the internal hard drive

Question 44

What should be used to scan for rootkits when booting from an external device?

Answer 44

A good anti-malware scanning solution from a live boot Linux distribution

Question 45

What is a backdoor?

Answer 45

Originally placed in computer programs to bypass the normal security and authentication functions.

Question 46

Who most often places backdoors into systems?

Answer 46

Designers and programmers.

Question 47

What is an Easter egg in programming?

Answer 47

A hidden feature or novelty within a program typically inserted by the software developers as an inside joke.

Question 48

True or False: Easter eggs are always harmful to software.

Answer 48

False

Question 49

What is a common issue associated with code in software?

Answer 49

Code often has significant vulnerabilities.

Question 50

What are Logic Bombs?

Answer 50

Malicious code that's inserted into a program, and the malicious code will only execute when certain conditions have been met ## Footnote Logic bombs can be triggered by specific events, dates, or user actions.

Question 51

What is a keylogger?

Answer 51

A piece of software or hardware that records every single keystroke made on a computer or mobile device ## Footnote Keyloggers are often used for monitoring or malicious purposes.

Question 52

What is spyware?

Answer 52

Malicious software that is designed to gather and send information about a user or organization without their knowledge

Question 53

What is bloatware?

Answer 53

Any software that comes pre-installed on a new computer or smartphone that you, as the user, did not specifically request, want, or need ## Footnote Bloatware can often take up valuable storage space and may slow down device performance.

Question 54

What technique do most modern malware use to avoid detection?

Answer 54

Fileless techniques ## Footnote Fileless malware operates in system memory instead of relying on the local file system.

Question 55

What is Fileless Malware?

Answer 55

Malware that creates a process in system memory without using the local file system ## Footnote This method helps evade detection by traditional security software.

Question 56

What happens when a user clicks on a malicious link or file?

Answer 56

A stage one dropper or downloader is installed ## Footnote This initiates the infection process.

Question 57

Define Stage 1 Dropper or Downloader.

Answer 57

A piece of malware created as lightweight shellcode that can be executed on a system ## Footnote It is critical in the initial stage of malware deployment.

Question 58

What is a Dropper?

Answer 58

Specific malware designed to initiate or run other malware forms within a payload ## Footnote The dropper is responsible for delivering the main malicious payload.

Question 59

What is a Downloader?

Answer 59

Malware that retrieves additional tools post-initial infection facilitated by a dropper ## Footnote Downloaders play a crucial role in expanding the malware's capabilities.

Question 60

What is Shellcode?

Answer 60

Lightweight code meant to execute an exploit on a given target ## Footnote Shellcode is often used in various types of cyber attacks.

Question 61

What occurs in Stage 2 of malware execution?

Answer 61

A downloader installs a remote access Trojan for command and control ## Footnote This stage allows attackers to maintain control over the compromised system.

Question 62

What does the 'Actions on Objectives' Phase entail?

Answer 62

Executing primary objectives like data exfiltration and file encryption ## Footnote This phase is where attackers achieve their main goals.

Question 63

What is Concealment in the context of malware?

Answer 63

Methods used to prolong unauthorized access by hiding tracks, erasing log files, and hiding evidence ## Footnote Concealment techniques help attackers remain undetected.

Question 64

What does 'Living off the Land' refer to?

Answer 64

A strategy where threat actors exploit standard tools for intrusions ## Footnote This tactic is common among Advanced Persistent Threats.