Malware Flashcards
(10 cards)
Virus
A self-replicating program that attaches itself to a legitimate file and spreads to other computers through shared networks or removable media
Polymorphic Viruses
Polymorphic viruses are malware that can change their code or appearance to evade detection by antivirus software. For example, by encrypting and decrypting itself with a different key each time, a polymorphic virus can evade signature checks.
Worm
Worms are self-replicating malware that spread from system to system over a network
What is the difference between a worm and a virus?
A virus attaches itself to a host file by inserting its code, while a worm is independent of any file
Trojan
A Trojan is a type of malware that disguises itself as a legitimate program and infiltrates a system to gain unauthorised access and control.
Rootkit
A rootkit is a type of malware that gains privileged access to a system and conceals its presence from users and security software.
Ransomware
Encrypts the victim’s data then demands a ransom for the decryption key.
State 3 ways antivirus can detect malware
Signature - hash the program and compare it to a list of known malware hashes
Heuristics - use algorithms to identify malware based on its behaviour
Behavioural - monitor a program in real time to detect malicious activities
Integrity checker
Monitors changes to files and the system to ensure data and configurations remain intact and prevent data loss and breaches.
Intrusion Detection System
Monitors and reports network traffic that deviates from previously seen behaviour or matches the pattern of known malicious activity