Chapter 03: Malicious Code

Question 1

______ describes a wide range of software that is intentionally designed to cause harm to systems and devices, networks, or users. It can also gather info provide illicit access, and take a broad range of actions that the legitimate owner of a system or network may not want to occur.

Answer 1

Malware

Question 2

_____ is malware that takes over a computer and then demands a ransom.

Answer 2

Ransomware

Question 3

Defense against ransomware.

Answer 3

Effective backup system that stores files in a separate location that will not be impact if the system or device it backs up is infected and encrypted by ransomware.

Question 4

crypto malware is an example of ______.

Answer 4

Ransomware

Question 5

_____ are a type of malware that is typically disguised as legitimate software.

Answer 5

Trojans

Question 6

______ provide attackers with remote access to systems.

Answer 6

Remote Access Trojans

Question 7

Defense against Trojans

Answer 7

Security Awareness training

Question 8

True or False: Every Trojan is a Remote Access Trojan.

Answer 8

False. A Remote Access Trojan is a subject of a Trojan. But, not every Trojan is a remote access Trojan.

Question 9

____ are self-install and spread themselves.

Answer 9

Worms

Question 10

Stuxnet is an example of a ___.

Answer 10

Worm

Question 11

_______ are malware that is specifically designed to allow attackers to access a system through a backdoor.

Answer 11

Rootkits

Question 12

What are the ways to detect a rootkit on a computer?

Answer 12

• Testing the suspected system from a trusted system or device.
• Rootkit detection tools

Question 13

What is a common recommendation for removing rootkits?

Answer 13

Restore from a good last known backup

Question 14

_____ are methods or tools that provide access that bypasses normal authentication and authorization procedures, allowing attackers access to systems, devices, or applications.

Answer 14

Backdoor

Question 15

Detection for backdoors.

Answer 15

• Unexpected ports
• Unexpected services

Note: More advanced backdoors may be leveraging existing services.

Question 16

_____ are remotely controlled systems or devices that have a malware infection.

Answer 16

Bots

Question 17

Groups of bots are known as ______.

Answer 17

Botnets

Question 18

_____ are used by attackers who control them to perform various actions, ranging from additional compromises and infection, to Denial-of-service attacks or acting as spam relays.

Answer 18

Botnets

Question 19

Many botnet _______ systems operate in a client-server mode. For example, they will contact the _____ systems, which provide commands and updates, and track how many systems are in the botnet.

Answer 19

COC (Command and Control)

Question 20

____ was frequently used to manage client-server botnets in the past, but many modern botnets rely on HTTPS traffic to hide C&C traffic and to prevent it from easily being monitored and analyzed by defenders.

Answer 20

Internet Relay Chat (IRC)

Question 21

_____ are programs that capture keystrokes from keyboards.

Answer 21

Keyloggers

Question 22

Name a defence against Keylogger

Answer 22

Use multifactor Authentication (MFA)

Question 23

______ are not independent malicious programs. Instead, they are functions or code that are placed inside other programs that will activate when set conditions are met.

Answer 23

Logic bombs

Question 24

_____ are malicious programs that self-copy and self-replicate. These typically have a trigger and a payload.

Answer 24

Computer Viruses

Question 25

Payload

Answer 25

What the virus does, delivers, or the actions it performs.

Question 26

Trigger

Answer 26

Sets conditions for the virus to execute.

Question 27

______ remains in memory while the system of device is running.

Answer 27

Memory-resident viruses

Question 28

_____ which will execute, spread and then shut down.

Answer 28

Non-memory resident Virus

Question 29

____ which use macros or code inside word processing software or other tools to spread.

Answer 29

Macro Viruses

Question 30

____ which spread via email either as attachments or as part of the email itself using flaws within email clients.

Answer 30

Email Viruses

Question 31

_____ attacks are similar to traditional viruses in a number of critical ways. They spread via methods like spam email and malicious websites, and they exploit flaws in browser plug-ins and web browsers themselves.

Answer 31

Fileless Viruses

Question 32

_____ is malware that is designed to obtain information about an individual, organization, or system.

Answer 32

Spyware

Question 33

____ is a type of spyware used to illicitly monitor partners in a relationships.

Answer 33

stalkerware

Question 34

Spyware Defense

Answer 34

• Antimalware tools
• User awareness

Question 35

______ are programs not wanted by the user but are not as dangerous as other types of malware. These are typicall installed without the user’s awareness or as part of a software bundle.

Answer 35

Potentially Unwanted Programs (PUP)

Question 36

____ include adware, browser toolbars, web browser-tracking programs, and others.

Answer 36

PUPs

Question 37

______ is where AI is used by attackers for malicious purposes.

Answer 37

Adversarial Artificial Intelligence