1 - 1: Malware

Question 1

The two components of malware

Answer 1

Propagation method and payload

Question 2

What defines a virus?

Answer 2

Spreads based on human action

Question 3

What defines a worm?

Answer 3

Spreads by finding vulnerabilities without human interaction

Question 4

The RTM worm

Answer 4

Written by Robert Tappen Morris, a Cornell grad student, infected 10% of the Internet in 1988

Question 5

Stuxnet

Answer 5

Infected Iranian nuclear enrichment centrifuges in 2010, crossing the virtual/physical barrier

Question 6

What defines a Trojan horse?

Answer 6

Disguised as helpful programs that spread a payload while also working as intended

Question 7

How do you protect from Trojan horses?

Answer 7

Application control limiting apps to only approved ones

Question 8

Remote Access Trojans

Answer 8

Provide hackers remote access to and control of compromised systems

Question 9

Adware

Answer 9

Malware designed to display ads but generates revenue for the malware author

Question 10

Adware mechanisms

Answer 10

Changing default search engine, displaying pop-ups, replacing legitimate ads with malicious ads

Question 11

Spyware

Answer 11

Malware that gathers information without user consent

Question 12

Spyware mechanisms

Answer 12

Keylogging, monitor web browsing, searching hard drives and cloud storage

Question 13

Potentially unwanted programs (PUPs)

Answer 13

Apps that are slipped in or bundled with other software installers

Question 14

Ransomware

Answer 14

Encrypts files with a secret key, preventing access

Question 15

WannaCry

Answer 15

A ransomware variant that spreads with EternalBlue in 2017 demanding Bitcoin

Question 16

Cryptomalware

Answer 16

Malware that takes over victim computing power to mine for cryptocurrency

Question 17

Top 3 ways to prevent malware

Answer 17

Anti-malware software, applying patches, educating users

Question 18

Backdoor

Answer 18

A workaround to accessing a system

Question 19

Backdoor Mechanisms

Answer 19

Hardcoded accounts, default passwords, unknown access channels

Question 20

Logic bombs

Answer 20

Malware designed to execute a payload once certain conditions are met

Question 21

Logic bomb conditions

Answer 21

Date and time, file contents, API call results

Question 22

Root account

Answer 22

A special superuser account that provides unrestricted access to system resources

Question 23

Rootkits

Answer 23

Originally designed for privilege escalation that would provide root privileges to a regular account or escalate to root account

Question 24

Rootkit payloads

Answer 24

Backdoors, botnet agents, adware/spyware, OR anti-theft mechanisms for copyrighted content

Question 25

Ring protection model

Answer 25

Levels of user privileges, including user and kernel mode

Question 26

User mode rootkits

Answer 26

Run with normal user privileges, are easy to write and difficult to detect

Question 27

Kernel mode rootkits

Answer 27

Run with system privileges, are difficult to write and easy to protect

Question 28

Fileless Viruses

Answer 28

Malware that remains completely within memory and are not written to disk

Question 29

Fileless techniques

Answer 29

Microsoft Office macros, JavaScript code, Windows Registry persistence by copying itself

Question 30

Botnets

Answer 30

A network of infected computers delivered through malware, then awaits commands

Question 31

Botnet uses

Answer 31

Renting out computing power, delivering spam, engaging in DDoS, mining cryptocurrency, waging brute force attacks

Question 32

Botnet command and control

Answer 32

Indirect and redundant communication from a hacker to its network of botnet infected computers, including IRC, Twitter, and P2P within the botnet

Question 33

Script

Answer 33

Sequence of instructions written in a programming language to automate work

Question 34

Shell Scripts

Answer 34

Scripts run at the command line and integrate with the operating system

Question 35

Application scripts

Answer 35

Run within a software application and integrate with that application

Question 36

Programming languages

Answer 36

Allow for the creation of general purpose code

Question 37

Bash

Answer 37

A scripting language commonly used on Linux and Mac systems

Question 38

PowerShell

Answer 38

A scripting language allowing for automation on Windows systems

Question 39

Macros

Answer 39

Scripts that run within an application environment

Question 40

Visual Basic for Applications

Answer 40

A macro scripting language for Microsoft Office

Question 41

Python

Answer 41

A general purpose scripting language