Ethical Hacking 8 Flashcards
A client has brought to you several workstations that are presenting with various symptoms and issues. Within the list are several obvious symptoms of malware infection, while other symptoms appear to be benign hardware or software issues. What workstations are most likely NOT infected by a virus?
Workstation D: Computer displays an error about the system clock immediately upon turn on, and the system date time is off by several months.
Workstation A: Computer beeps several times when powered on, does not display anything on the screen. Beeps continue same pattern until computer is turned off via power button.
Which of the following is NOT an indication of a virus attack?
The computer beeps at startup with no screen display.
Which virus was specifically designed to wreak havoc in a real-time physical environment?
Stuxnet
Which type of malware is a self-replicating program that produces its own code by attaching copies of itself to other executable codes, and operates without the knowledge or desire of the user.
virus
What is true about the first known computer virus?
It caused a poem to be displayed on every 50th boot.
After detecting a virus or worm infecting a network, what should be the next step responding personnel take on the system?
Utilities such as handle.exe, listdlls.exe, fport.exe, and netstat.exe should be used to gather intelligence information on how the infection is behaving.
What virus construction kit can you use to encrypt a virus you’ve developed and generate a random decryptor using random registered and random instructions?
Rajaats Tiny Flexible Mutator
Which file extension could indicate a file that is harboring a virus and is system device driver on Windows systems?
.SYS
An executable file that was determined to be infected with a virus was terminated from the running processes list. However, after a few seconds, you discover the infected file is running again, despite no other processes appearing to be infected. What type of virus might this be?
terminate and stay resident virus
A client has asked for you to test their anti-virus and malware scanning software by attempting to exploit common office software. You have chosen to target the client’s use of Microsoft office programs, which is present on all workstations in the environment. What kind of virus is ideally suited for this kind of attack?
macro virus
What worm, designed for use in cyber-warfare against Iranian targets, has the capability to manipulate and control real-world equipment?
Stuxnet
What statements accurately describe how a worm differs from a virus?
A worm will attempt to spread after being installed, using different vectors at its disposal.
A work typically does not typically modify programs.
A virus or worm that deprives users of control over their computers, creating frustration and lack of confidence in modern technology is considered to cause what type of damage?
Psychological Damages
What statement accurately describe a virus signature?
A virus signature is an identifying piece of code unique to a virus that is used by anti-virus scanners.
When the virus code forms a layer around the target host program’s code and the original code is moved to a new location by the virus code, what form of virus is being used?
Shell Virus
