J.Dion Sec. 6 Malware

Question 1

Any software that is designed to infiltrate a computer system without the user’s knowledge.

Answer 1

Malware

Question 2

What two things does malware need to create?

Answer 2

Threat vector
Attack vector

Question 3

Specific method used by an attacker to infiltrate a victim’s machine.

Answer 3

Threat Vector

Question 4

What are some examples of threat vectors?

Answer 4

Unpatched software
Installing code
User clicks on a link
Phishing campaign
Other vulnerabilities or exploits that can be taken advantage of.

Question 5

A means by which an attacker gains access to a computer to infect the system with malware.

Answer 5

Attack vector

Question 6

When we say threat vector think

Answer 6

ways the attacker breaks into the system.

Question 7

When we say attack vector think

Answer 7

ways the attacker breaks into and infects the system.

Question 8

What vulnerability was the MS17-010 security patch was made to patch?

Answer 8

The EternalBlue vulnerability

Question 9

What is the vulnerability on computers missing the MS17-010 patch?

Answer 9

File and printer services that operate over the SMB protocol are vulnerable on the system until it has been updated with the patch.

Question 10

Which known attack ran scans all day and all night to find as many unpatched Windows machines running version 7 through 10 missing the MS17-010 patch?

Answer 10

WannaCry ransomware

Question 11

How did WannaCry Ransomware do it?

Answer 11

They would run the exploit against machines not updated, gain administrative rights over the system to then encrypt the user’s files with a message on the screen saying “Computers locked and if you want to access it you owe x-amount of bitcoin for decryption key.”

Question 12

Malicious code that’s run on a machine without the user’s knowledge and this allows the code to infect the computer whenever it has been run.

Answer 12

Computer virus

Question 13

What are the 10 different types of viruses?

Answer 13

Boot sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armor
Hoax

Question 14

Virus type that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up.

Answer 14

Boot sector virus

Question 15

Why are boot sector viruses difficult to detect?

Answer 15

Boot sector viruses are installed before the operating system boots up and are able to from antivirus scans.

Question 16

How to detect boot sector viruses?

Answer 16

Use a specific antivirus that looks for boot sector viruses which are usually run from a network anti-virus scanning engine or from an anti-virus that can be loaded from a Linux live boot disc.

Question 17

Virus type that is a form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

Answer 17

Macro virus

Question 18

Where are the most common macros examples found?

Answer 18

In Microsoft Word documents or Excel spreadsheets

Question 19

What makes macros malicious?

Answer 19

Macros by default are used to add specific functionality to different documents without needing to create an entire program to do it.

Malice occurs when someone purposely adds malicious codes into documents.

Question 20

Virus type that tries to find executable or application files to infect with their malicious code.

Answer 20

Program virus

Question 21

Virus type that is a combination of a boot sector type virus and a program virus.

Answer 21

Mutipartite virus

Question 22

How does a multipartite virus work?

Answer 22

The virus can place itself into the boot sector and be loaded every time at boot time then it can install itself within a program.

Virus maintains persistence on infected machine.

Question 23

Standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities.

Answer 23

Worms

Question 24

Malicious software that attaches to clean files and spreads into a computer system.

Answer 24

Virus

Question 25

Malicious programs which appear to be legitimate software that allow unauthorized access to a victim’s system when executed.

Answer 25

Trojans

Question 26

Encrypts a user’s data and holds it hostage until a ransom is paid to the attacker for decryption.

Answer 26

Ransomware

Question 27

Compromised computers that are remotely controlled by attackers and used in coordination to form a botnet.

Answer 27

Zombies

Question 28

Network of zombies and are often used for DDoS attacks, spam distribution, or cryptocurrency mining.

Answer 28

Botnet

Question 29

Malicious tools that hide their activities and operator at the OS level to allow for ongoing priviledged access.

Answer 29

Rootkits

Question 30

Malicious means of bypassing normal authentication process to gain unauthorized access to a system.

Answer 30

Backdoors

Question 31

Embedded code placed in legitimate programs that execute a malicious action when a specific condition or trigger occurs.

Answer 31

Logic Bombs

Question 32

Record a user’s keystrokes and are used to capture passwords or other sensitive information.

Answer 32

Keyloggers

Question 33

Software that secretly monitors and gathers users information or activities and sends data to third parties.

Answer 33

Spyware

Question 34

Unnecessary or pre-installed software that consumes system resources and space without offering any value to the user.

Answer 34

Bloatware

Question 35

What is an example of a program virus?

Answer 35

Browsing the internet and accidentally opening a program virus that will try to install itself into one of your programs like Microsoft Word.

Question 36

How do program viruses infect?

Answer 36

When a program virus is installed into a computer program like Microsoft Word, every time the infected application is opened the installed program virus will infect the computer each and every time. It can keep re-infecting the system.

Question 37

Type of virus designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software.

Answer 37

Encrypted Virus

Question 38

Why are encrypted viruses difficult for anti-virus software to detect?

Answer 38

The malicious code is scrambled into cipher text which makes it unreadable to both the user and anti-virus software.

Question 39

Type of virus that is an advanced version of an encrypted virus but instead of just encrypting the contents, it will actually change the virus’s code each time it is executed by altering the decryption module in order for it to evade detection.

Answer 39

Polymorphic virus

Question 40

Type of virus that is able to rewrite itself entirely before it attempts to infect a given file.

Answer 40

Metamorphic Virus

Question 41

This type of virus is not necessarily a specific type of virus as much as it is a technique used to prevent the virus from being detected by the anti-virus software.

Answer 41

Stealth Virus

Question 42

What techniques do stealth viruses use to avoid being detected by anti-virus software?

Answer 42

Encrypting its contents
Modifying its payload

Question 43

Type of virus that has a layer of protection to confuse a program or a person who is trying to analyze it.

Answer 43

Armored Virus

Question 43

Type of virus that isn’t an actual virus but a form of technical social engineering that attempts to scare end users into taking undesirable actions on their systems.

Answer 43

Hoax

Question 44

Piece of malicious software, much like a virus, but it can replicate itself without any user interaction.

Answer 44

Worm

Question 45

How do worms infect?

Answer 45

Worms take advantage of vulnerabilities in operating systems and applications if appropriate security controls or security patching isn’t done.

Worm could scan network and find a workstation that is missing a security patch then taking advantage of workstation

Question 45

What is the key difference between a virus and worm?

Answer 45

A virus requires a user to take some action such as opening a file, clicking on a malicious web link, or connecting a mass storage device to the system.

Where as a worm, can replicate itself and spread throughout the network without user’s consent or action.

Question 46

Why are worms very dangerous?

Answer 46

They can affect the workstation and other computing assets.

They can cause disruptions to the normal network traffic since they are constantly trying to replicate and spread across the network.
Consuming not only network resource but also compute power, processing power, memory power, and network capacity.

Question 47

What happens when a worm replicates itself too rapidly?

Answer 47

Denial-of-service attack against network and associated servers.

Question 48

How fast was the worm Nimda able to propagate across the entire internet in 2021?

Answer 48

22 minutes

Question 49

This worm is one of the largest seen in to date and was able to infect between 9 and 15 million machines.

Answer 49

Conficker in 2009

Question 50

What vulnerability was the worm Conficker seeking?

Answer 50

Windows operating system critical security patch known as 08-067.

Question 51

What was the security patch 08-067 designed to solve?

Answer 51

A software vulnerability inside the way Windows was doing file and printer sharing.

Question 52

Piece of malicious software that is disguised as a piece of harmless or desirable software.

Answer 52

Trojan

Question 53

Type of Trojan that is widely used by modern attackers because it provides the attacker with remote control of a victim machine.

Answer 53

Remote Access Trojan (RAT)

Question 54

How are Trojans commonly used by attackers?

Answer 54

Attackers exploit a vulnerability in a workstation, conduct data exfiltration to steal sensitive documents, and then create back doors to create persistence in your system.

Question 55

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

Answer 55

Ransomware

Question 56

The Colonial Pipeline attack in 2021 was what type of attack?

Answer 56

Ransomware

Question 57

What group led the Colonial Pipeline attack in 2021?

Answer 57

Darkside

Question 58

What happened in the Colonial Pipeline attack?

Answer 58

Colonial Pipeline was attacked with ransomware

Pipeline was shut down for 5 days caused massive disruptions to USA fuel on the East coast.

The attackers, Darkside, demanded/received a ransom of $4.4 million dollars in bitcoin for exchange of a decryption key.

Question 59

What ransomware attack occurred in 2020?

Answer 59

Universitatsklinikum Dusseldorf in September 2020 was disrupted by a ransomware attack.

Hospital computers were disrupted and patients had to be diverted to other hospitals for emergency treatments.

A woman with a life-threatening condition died due to this delay in care and being diverted.

This was the first death directly related to ransomware attack in a hospital.

Question 60

Network of compromised computers or devices controlled remotely by malicious actors.

Answer 60

Botnet

Question 61

What can an attacker use through a botnet attack?

Answer 61

If attackers are successful they gain access to use a computers processing, memory, storage, and networking resources.

Question 62

Name of a compromised computer or device that is part of a botnet and used to perform tasks using remote commands.

Answer 62

Zombie

Question 63

Responsible for managing and coordinating the activities of other nodes or devices within a network.

Answer 63

Command and Control Node

Also known as C2 node

Question 64

These are used to span others by sending out phishing campaigns and other malware.

Answer 64

Botnets

Question 65

What is the most common type of botnet attack?

Answer 65

DDoS

Distributed Denial of Service Attack

Question 66

Used for cyberattacks or other malicious activity.

a. Botnet
b. Zombie

Answer 66

Used to perform the task using remote commands from the attacker without the user’s knowledge.

a. Botnet
b. Zombie

Question 67

Tasks using remote commands from the attacker without the user’s knowledge to perform crypto mining or break encryption.

Answer 67

Zombie

Question 68

Type of software that is designed to gain administrative-level control over a given computer system without being detected.

Answer 68

Rootkit