1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. Flashcards

1
Q

What type of malware could remove Explorer, Task Manager, and PowerShell from a user’s Windows computer?

A

A rootkit

A rootkit is backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence.

Spyware is a program that monitors user activity and sends the information to someone else, with or without the user’s knowledge.

Adware is any type of software that displays commercial offers and deals. Adware can have a negative impact on performance, and installing it often involves accepting a long license agreement.

Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, held by the attacker.

2
Q

An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user’s Windows computer. What type of malware did the attacker install on the victim host?

A

Rootkit

A rootkit is backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence.

Spyware is a program that monitors user activity and sends the information to someone else, with or without the user’s knowledge.

Adware is any type of software that displays commercial offers and deals. Adware can have a negative impact on performance, and installing it often involves accepting a long license agreement.

Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, held by the attacker.

3
Q

What is the difference between a virus and a worm?

A

Viruses replicate by infecting applications; worms are self-contained.

A computer virus is malware that replicates and spreads from computer to computer, usually by “infecting” executable applications or program code. Worms are memory-resident viruses that replicate over network resources. A worm is self-contained; that is, it does not need to attach itself to another executable file.

Both computer viruses and worms replicate and spread from computer to computer throughout an infected network.

Viruses, not worms, replicate by infecting applications. Worms are self-contained and do not need to attach themselves to other applications.

4
Q

During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator’s machine that executes if the admin’s account becomes disabled. What type of malware did the specialist discover?

A

A logic bomb

A logic bomb is a malicious program or script that is set to run under particular circumstances or in response to a defined event, such as disabling an account.

A worm is a type of virus that spreads through memory and network connections, rather than infecting files.

Crypto-malware is a class of ransomware that attempts to encrypt data files on any fixed, removable, and network drives.

A Remote Access Trojan functions as a backdoor, and allows the attacker to access the PC, upload files, and install software on it.

5
Q

For an attacker to perform a Distributed Denial of Service (DDoS) attack, which of the following control programs would allow the hacker to compromise devices and turn them into zombies?

A

A bot

A botnet is a set of computers that have been infected by a control program called a bot, which enables attackers to exploit the computers to mount attacks.

A Remote Access Trojan (RAT) functions as a backdoor, and allows the attacker to access the PC, upload files, and install software on it.

Spyware is a program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge.

A rootkit is backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence.

6
Q

An attacker used social engineering to convince the victim to install a malicious program disguised as a driver update. The backdoor software allowed the attacker to remotely access the victim’s PC, upload files, and install software on it. What type of malicious software does this describe?

A

A Remote Access Trojan (RAT)

A RAT backdoor gives the attacker remote control of a computer, allowing them to access the PC, upload files, and install software on it.

Worms are memory-resident viruses that replicate over network resources. The primary effect of a worm infestation is to rapidly consume network bandwidth as the worm replicates. A worm may also be able to perform a Denial of Service (DoS) attack by crashing operating systems and servers.

Spyware is software that records information about a PC and its users, often installed without the user’s consent.

Ransomware is malware that tries to extort money from the victim, for instance, by appearing to lock the victim’s computer or by encrypting their files.

7
Q

A few end-users contacted the cyber security department about browser pop-ups on their computer, and explained that some websites they visit redirect them to other sites they did not intend to navigate to. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users’ computers?

A

Spyware infected the computers.

One spyware technique is to spawn browser pop-up windows, as well as modify DNS queries attempting to direct the user to other websites, often of dubious provenance.

Ransomware is a type of Trojan malware that tries to extort money from the victim. It will display threatening messages, stating the computer will remain locked until the ransom is paid.

An adware browser plug-in displays commercial offers and deals. Some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads, for instance.

Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, which is held by the attacker.

8
Q

An attacker used a phishing email to successfully install a keylogger Trojan onto a victim’s computer, to steal confidential information when the user types information into the webform of a website. How can the user mitigate this threat?

A

Use a keyboard that encrypts keystrokes.

One way to mitigate the effects of keylogging is to use a keyboard that encrypts the keystroke signals before they are sent to the system unit.

A logic bomb is a malicious program or script that is set to run under particular circumstances or in response to a defined event.

Shoulder surfing refers to stealing a password or PIN (or other secure information) by watching the user type it.

Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.

10
Q

An IT staff member used an administrator account to download and install a software application. After the staff member launched the .exe installer file, they began receiving pop-up ads, frequent crashes, and slow computer performance, and noticed strange services running whenever they turned on the computer. What most likely happened to cause these issues?

A

The user installed Trojan horse malware.

A Trojan is a malicious program hidden within an innocuous-seeming piece of software. Usually, the Trojan tries to compromise the security of the target computer.

Rogueware is a fake antivirus, where a web pop-up claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan.

Adware is software that records information about a PC and its user, and usually displays pop-ups of commercial offers and deals.

Crypto-malware is a class of ransomware that attempts to encrypt data files. If the attack is successful, the user will be unable to access the files without obtaining the private encryption key, which is held by the attacker.

12
Q

An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange services running. Which of the following most likely describes what occurred to cause these problems?

A

The user installed Trojan horse malware.

A Trojan is a malicious program hidden within an innocuous-seeming piece of software. Usually, the Trojan tries to compromise the security of the target computer.

Rogueware is a fake antivirus, where a web pop-up claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan.

Adware is software that records information about a PC and its user, and usually displays pop-ups of commercial offers and deals.

Crypto-malware is a class of ransomware that attempts to encrypt data files. If the attack is successful, the user will be unable to access the files without obtaining the private encryption key, which is held by the attacker.

13
Q

If a user’s computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select more than one)

A

Launch a Distributed Denial of Service (DDoS) attack

Launch a mass-mail spam attack

Establish a connection with a Command and Control server

RAT backdoor applications can allow the attacker to use the computer in a botnet to launch Distributed Denial of Service (DDoS) attacks.

RAT backdoor applications can allow the attacker to use the computer in a botnet to launch mass-mail spam attacks.

A RAT must establish a connection from the compromised host to a Command and Control (C2 or C&C) host or network operated by the attacker.

Tailgating is a social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”).

14
Q

A script kiddie installed a backdoor on a victim’s computer that enabled the attacker to remotely access the PC, upload files, and install software on it. What kind of malware did the script kiddie install?

A

A Remote Access Trojan (RAT)

A RAT backdoor gives the attacker remote control of a computer, allowing them to access the PC, upload files, and install software on it.

Worms are memory-resident viruses that replicate over network resources. The primary effect of a worm infestation is to rapidly consume network bandwidth as the worm replicates. A worm may also be able to perform a Denial of Service (DoS) attack by crashing operating systems and servers.

Spyware is software that records information about a PC and its users, often installed without the user’s consent.

Ransomware is malware that tries to extort money from the victim, for instance, by appearing to lock the victim’s computer or by encrypting their files.

16
Q

A cyber security department received alerts about browser pop-ups on users’ computers. After further investigation, the security analysts discovered that websites visited on the compromised machines redirect users to malicious websites due to modified DNS (Domain Name System) queries. Which of the following did the computers most likely get infected with?

A

Spyware

One spyware technique is to spawn browser pop-up windows, as well as modify DNS queries attempting to direct the user to other websites, often of dubious provenance.

Ransomware is a type of Trojan malware that tries to extort money from the victim. It will display threatening messages, stating the computer will remain locked until the ransom is paid.

An adware browser plug-in displays commercial offers and deals. Some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads, for instance.

Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, which is held by the attacker.

17
Q

An attacker performed a Distributed Denial of Service (DDoS) attack by compromising multiple zombie (agent) PCs with DoS tools. What is the control program that enables the attacker to exploit these computers to perform the DDoS attack?

A

A bot

A botnet is a set of computers that have been infected by a control program called a bot, which enables attackers to exploit the computers to mount attacks.

A Remote Access Trojan (RAT) functions as a backdoor, and allows the attacker to access the PC, upload files, and install software on it.

Spyware is a program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge.

A rootkit is backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence.

19
Q

If a user’s device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?

A

Have up-to-date backups of the encrypted files.

The crypto-malware class of ransomware attempts to encrypt data files on any fixed, removable, and network drives. If successful, this sort of attack is extremely difficult to mitigate, unless the user has up-to-date backups of the encrypted files.

With crypto-malware, a user will be unable to access the files without obtaining the private encryption key, which the attacker holds and may or may not release once the ransom is paid. Paying the ransom therefore does not mitigate a crypto-malware infection.

Antivirus software may remove the malware itself, but files that have already been encrypted are unlikely to be recoverable.

Keeping operating systems and applications up-to-date before an infection is vital to prevent getting infected in the first place.

20
Q

Before installing a browser plug-in, a user accepted a 30-page license agreement which stated that their data would be monitored, and their activity would be sent to a third party. What type of software did the user install?

A

Adware

Adware is a type of software or browser plug-in that is similar to spyware. If the user accepts the data use policy and the program generally behaves like any other commercial software installation, then it’s adware, not spyware.

Spyware is a program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge.

Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, held by the attacker.

A rootkit is backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence.

25
Q

A support specialist runs a virus scan and finds a user’s computer to be compromised with a Trojan. The user suspects that the Trojan got installed while shopping online, and the specialist feels that the attacker likely captured transaction information. The specialist suggests which method to mitigate this type of attack in the future?

A

Use keystroke encryption software
