1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.

Question 1

Malware

Answer 1

Malicious software

Gather information - Keystrokes

Question 2

Virus

Answer 2

Malware that can reproduce itself through file systems or the network

Question 3

Program viruses

Answer 3

It’s part of the application
• Boot sector viruses - Who needs an OS?
• Script viruses - Operating system and browser-based
• Macro viruses - Common in Microsoft Office

Question 4

Boot sector viruses

Answer 4

Virus type that undermines OS

Question 5

Script viruses

Answer 5

Operating system and browser-based

Question 6

Macro viruses

Answer 6

Common in Microsoft Office

Question 7

Worms

Answer 7

• Malware that self-replicates
• Doesn’t need you to do anything
• Uses the network as a transmission medium
• Self-propagates and spreads quickly
• Firewalls and IDS/IPS can mitigate many worm infestations
BAD when they get inside

Question 8

Worms Process

Answer 8

1. Infected computer
searches	for vulnerable system
2. Vulnerable	computer is exploited
3. Backdoor is installedand	
downloads worm

Question 9

• Personal data

Answer 9

• Important documents

* Family pictures and videos

Question 10

• Organization data

Answer 10

• Planning documents
• Employee personally identifiable information (PII)
• Financial information
• Company private data

Question 11

Ransomware

Answer 11

Hold your computer, data hostage
could be fake
security professional can help get rid of this type of malware

Question 12

• Crypto-malware

Answer 12

New generation of ransomware
• Your data is unavailable until you provide cash
• Malware encrypts your data files
• Pictures, documents, music, movies, etc.
• Your OS remains available
• They want you running, but not working
• You must pay the bad guys to obtain the decryption key
• Untraceable payment system
• An unfortunate use of public-key cryptography

Question 13

Ransomware Protection

Answer 13

an offline backup, ideally
• Patch those vulnerabilities operating system , applications security patches
antivirus/anit-malware signatures are up to date

Question 14

Trojan horse

Answer 14

• Software that pretends to be something else
• Circumvents your existing security
• The better Trojans are built to avoid and disable AV

Question 15

Backdoors

Answer 15

• Often placed on your computer through malware
• Some malware software can take advantage of backdoors created by other malware
• Some software includes a backdoor

Question 16

Remote Access Trojans (RATs)

Answer 16

• Remote Administration Tool
• Malware installs the server/service/host - Bad guys connect with the client software
• Control a device -• Key logging, screen recording /screenshots, copy files
• Embed more malware

Question 17

Rootkits

Answer 17

• Modifies core system - kernel
• Can be invisible to the operating system
• Won’t see it in Task Manager or anti-virus utilities
• If you can’t see it, you can’t stop it

Question 18

Kernel drivers

Answer 18

• Zeus/Zbot malware
• Famous for cleaning out bank accounts
• Now combined with Necurs rootkit
• Necurs is a kernel-level driver
• Necurs makes sure you can’t delete Zbot
• Access denied
• Trying to stop the Windows process?
• Error terminating process: Access denied

Question 19

Keyloggers

Answer 19

• Your keystrokes contain-Web site login URLs, passwords, email messages and  Save all of your input
• Send it to the bad guys
• Circumvents encryption protections
• Your keystrokes are in the clear
• Other data logging
• Clipboard logging, screen logging,
instant messaging, search engine queries

Question 20

Preventing Keyloggers

Answer 20

• Use anti-virus/anti-malware
• Keep your signatures updated
• Block unauthorized communication
• Run a keylogging scanner

Question 21

Adware

Answer 21

• Pop-ups with pop-ups
• May cause performance issues
• May be included with other software installations

Question 22

Spyware

Answer 22

• Malware that spies on you
• Advertising, identity theft, affiliate fraud
• Can trick you into installing
• Peer to peer, fake security software
• Browser monitoring - Capture surfing habits
• Keyloggers
• Capture every keystroke, send it back to the mother ship

Question 23

Protecting against adware/spyware

Answer 23

• Maintain your anti-virus / anti-malware
• Always have the latest signatures
• Always know what you’re installing
• And watch your options during the installation
• backup?•
• Cleaning adware by Run some scans
• Malwarebytes for example

Question 24

Botnets

Answer 24

• Robot networks
• Once your machine is infected, it becomes a bot
• from • OS or application vulnerability
or Trojan Horses - You run a program or click an ad you THOUGHT was legit, but…
• Distributed Denial of service (DDoS)
• Botnets are for sale

Question 25

Prevent Bots

Answer 25

• OS and application patches
Anti-virus/anti-malware 
and updated signatures
Prevent command and control (C&C)
• Block at the firewall
• Identify at the workstation with a 
host-based firewall or host-based IPS

Question 26

Logic bomb

Answer 26

Waits for a predefined event
• Often left by someone with grudge
• Time bomb - Time or date
• User event - Logic bomb
• Difficult to identify
• Difficult to recover if it goes of

Question 27

Preventing a logic bomb

Answer 27

• Process and procedures
• Formal change control
• Electronic monitoring
• Alert on changes
• Host-based intrusion detection, Tripwire, etc.
• Constant auditing
• An administrator can circumvent existing systems

Question 28

Phishing

Answer 28

• Social engineering with a touch of spoofing

Question 29

• Vishing

Answer 29

done over the phone

• Fake security checks or bank updates

Question 30

Spearfishing

Answer 30

Spearfishing

Question 31

whaling

Answer 31

• Spear phishing the CEO is