3. Malicious code Flashcards
What are the different types of malware?
Malware includes:
* Ransomware
* Trojans
* Worms
* Spyware
* Bloatware
* Viruses
* Keyloggers
* Logic bombs
* Rootkits
Each type has distinctive elements that security analysts need to understand.
What do security analysts need to know about malware?
Security analysts need to know:
* What identifies each type of malware
* How to identify it
* Common controls deployed against it
* What to do if encountered
Knowledge of these aspects is crucial for effective malware management.
What are common indicators of compromise (IoCs) associated with malware?
Common IoCs include:
* Command and control (C&C) traffic patterns
* IP addresses
* Hostnames
* Domains
* Unexpected use of system utilities
* Lateral movement between systems
* Creation of files and directories
* Encryption of files
* Data exfiltration
These indicators vary based on the type of malware.
True or False: Signatures for malware are used to identify specific files associated with given malware packages.
True
However, malware authors use evasion techniques to make signature-based identification harder.
What methods can be used to mitigate malware?
Methods include:
* Manual removal
* Use of tools to identify and remove malicious files
* Reinstallation of a system
* Restoration from a known good backup
The goal of these methods is to ensure all malware is removed and the system is returned to a secure state.
Fill in the blank: Indicators of compromise associated with malware vary based on the type of malware and how it is _______.
[designed and used]
Understanding the design and usage is key to identifying IoCs.