CH02 Malware

Question 1

Virus Definition

Answer 1

Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.

Viruses require a user action in order to reproduce and spread

Question 2

What is Boot Sector Virus?

Answer 2

viruses are stored in the first sector of a hard drive and are loaded into memory upon boot up.

Question 3

What is Macro Virus?

Answer 3

Virus embedded into a document and is executed when the document is opened by the user

Question 4

What is program virus?

Answer 4

Program viruses infect an executable or application

Question 5

What is Multipartite virus?

Answer 5

Virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer

Question 6

What is Encrypted Virus?

Answer 6

Uses cipher to encrypt the contents of itself to avoid detection by any antivirus software

Question 7

What is Polymorphic virus?

Answer 7

Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection

Question 8

What is Metamorphic virus?

Answer 8

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)

Question 9

What is Stealth virus ?

Answer 9

refers to a category of virus that protects itself. (Example: Encrypted, polymorphic, and metamorphic viruses)

Question 10

What is Armored virus?

Answer 10

Armored viruses have a layer of protection to confuse a program or person analyzing it

Question 11

What is Hoax ?

Answer 11

Tries to trick the user into infecting their own machine. May come in the form of a message or a website that pops up. It disguises itself and prompts users to call tech support telling them that their machine has been infected

Question 12

What is worm?

Answer 12

Malicious software, like a virus, but is able to replicate itself without user interaction.
Worms can cause disruption to normal network traffic and computing activities
Example : 2009: 9-15 million computers infected with conficker

Question 13

What is Trojans?

Answer 13

Malicious software that is disguised as a piece of harmless or desirable software
Trojans perform desired functions and malicious functions

Question 14

What is Remote Access Trojan (RAT)?

Answer 14

Provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan

Question 15

What is Ransomware ?

Answer 15

malware that restricts access to a victim’s computer system until a random is received.
Ransomware uses a vulnerability in your software to gain access and then encrypts your files
Example : $17 million: SamSam cost the City of Atlanta

Question 16

What is Spyware ?

Answer 16

Malware that secretly gathers information about the user without their consent

Captures keystrokes made by the victim and takes screenshots that are sent to the attacker

Question 17

What is Adware ?

Answer 17

Type of spyware that displays advertisements based upon its spying on you

Question 18

What is Grayware ?

Answer 18

Software that isn’t benign nor malicious and tends to behave improperly without serious consequences

Question 19

What is Rootkit ?

Answer 19

Software designed to gain administrative level control over a system without detection

DLL injection is commonly used by rootkits to maintain their persistent control

Rootkits are activated before booting the operating system and are difficult to detect

Question 20

What is DLL Injection ?

Answer 20

Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime

Question 21

What is Driver Manipulation ?

Answer 21

An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level

A shim is placed between two components to intercept calls and redirect them

Question 22

What is Spam ?

Answer 22

Activity that abuses electronic messaging systems, most commonly through email