Lesson 10 - Chapter 1: Malware

Question 1

What is malware?

Answer 1

software designed to do something harmful to a system or network

(maldad)

Question 2

What are 4 of the many types of malware?

v, b, t, r

Answer 2

1. Virus
2. Boot Sector Virus
3. Trojan Horse
4. Rootkit

Question 3

What is a virus?

Answer 3

a program with 2 jobs: to replicate and to activate

Question 4

What is replication? (Virus)

Answer 4

it makes copies of itself by injecting itself as extra code added to the end of executable programs or hiding out in a drive’s boot sector

Question 5

What is activation? (Virus)

Answer 5

when a virus does something like corrupt data or steal private information

Question 6

A virus only replicates to….

Answer 6

other drives (thumb drives, optical media)

Question 7

Can a virus replicate itself across networks?

Answer 7

No

Question 8

A virus needs ___ ___ to spread

Answer 8

human action

Question 9

What is a boot sector virus?

Answer 9

a virus that infects the boot sector of the hard drive (so the virus loads on boot)

(stays in memory, infects other files as they run)

Question 10

What is a Trojan Horse?

Answer 10

malware that pretends to do one thing but behind the scenes does something evil

(can be a game, fake security program, etc)

Question 11

Can a Trojan Horse replicate?

Answer 11

No

(viruses do replicate though)

Question 12

What is a Rootkit?

Answer 12

a program that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive anti-malware tools

Question 13

A rootkit by definition gains privileged access to a computer, which can strike what 3 things?

Answer 13

1. Operating systems
2. Hypervisors
3. Firmware (hard drives, accessories)

Question 14

What are 5 bad things malware can potentially do?

S
R
Z, b
C
G

Answer 14

1. Harvest private information (spyware)
2. Hold files for ransom (ransomware)
3. Use the PC to attack other systems (zombie; botnet)
4. Cryptomine
5. Gain a foothold in the system

Question 15

What is spyware?

Answer 15

software that spies on the computer user, collecting info about their activities and habits

Question 16

Keyloggers are what type of software?

Answer 16

spyware

Question 17

What are keyloggers? are they all malware? (2)

Answer 17

keyloggers log the user’s keystrokes and sends the data back to the spyware creator (harvesting important info like passwords, cc numbers)

not all are malware, parental controls use keyloggers

Question 18

What is ransomware?

Answer 18

encrypts all the data it gains access to on a system and even mapped network drives!

Question 19

What happens after ransomware locks up all your data?

Answer 19

the ransomware application pops up a message asking for money (often bitcoins) to decrypt your data often with a timer and if it reaches 0 triggers the deletion of the encryption keys

Question 20

What’s a zombie?

Answer 20

an infected computer that obeys the commands of the malware creator

(zombie puppet)

Question 21

What is a botnet?

Answer 21

a network of infected computers under the control of a single person or group

(can easily grow into millions of zombies for large networks)

[zombie horde]

Question 22

What is a bot herder? What does it activate?

Answer 22

controls the botnet actions, activates scripts installed on the zombies to launch an attack

[Puppet master]

Question 23

What’s one of the most common ways to send spam?

Answer 23

using botnets (use hacked/stolen bandwidth)

Question 24

Which method is used to launch Denial of Service (DoS) and Distributed DoS (DDoS) attacks?

Answer 24

botnets

Question 25

What is crypto mining?

Answer 25

using a computer’s processing power to “mine” for cryptocurrency

Question 26

What malware method is used for crypto mining?

Answer 26

botnets

(malware creators use bots to take control of zombies and steal processing power as a mining ‘team’)

Question 27

How does malware help a criminal gain a foothold in the system?

Answer 27

some malware creates a backdoor that cybercriminals use to access the system’s data (can harvest info and sell it)

Question 28

What’s one tricky thing about how malware presents?

Answer 28

it can appear like normal PC “wonkiness”

(momentary slowdowns, random one-time crashes, etc)

Question 29

What are 8 symptoms of a PC infected by malware?

1. sl
2. ap
3. cha
4. me
5. up
6. lo
7. ov
8. se

Answer 29

1. Slow PC
2. Application crashes
3. Changed permissions or missing or renamed files
4. Messages you didn’t send
5. Update/Protection software stops working
6. Loss of Internet connectivity
7. Overwritten Hosts file
8. Security alerts

Question 30

A slow PC can mean what 2 things?

Answer 30

1. too many applications are open at once
2. system hit with malware (like a botnet using up CPU)

Question 31

How do you tell the difference between a normal application crash and malware?

Answer 31

if it’s happening a lot (even when all applications are closed)

(also goes for frequent lockups too)

Question 32

What does malware try to do to system files?

Answer 32

rename system files, change file permissions, or hide files

Question 33

How would you know when malware is fighting back?

Answer 33

Windows Update stops working or tools show up as “Access Denied”

Question 34

What do you do if removing malware broke your Internet connection?

Answer 34

reinstall your NIC and its drivers, reboot router, etc

Question 35

What is a Hosts file?

Answer 35

overrules any DNS settings and can redirect your browser to whatever site the malware adds to the file

Question 36

How would you know if malware has overwritten your hosts file?

Answer 36

you type in one web address and end up at a different site

Question 37

What is rogue anti-malware?

Answer 37

free anti-malware applications that are actually malware

Question 38

The only way to permanently protect your PC from malware is to what?

Answer 38

disconnect it from the Internet (unlikely scenario)

Question 39

What are 4 tools you have for combating malware?

Answer 39

1. Anti-malware software
2. Training and awareness
3. Patch management
4. Remediation

Question 40

What 2 ways does an anti-malware product protect your PC?

Answer 40

1. Active seek and destroy mode
2. Passive sentry mode

Question 41

Is antivirus software the same as anti-malware?

Answer 41

malware is a more generic term and refers to all types, antivirus is an older term to remove viruses. today, antivirus software can also target non-virus malware.

Question 42

How do anti-malware programs detect boot sector viruses?

Answer 42

they compare the driver’s boot sector to a standard boot sector because most boot sectors are the same

Question 43

___ viruses are harder to find because they can be found on any file in the drive

Answer 43

executable viruses

Question 44

What does an anti-malware program use to detect executable viruses?

Answer 44

it uses a library of signatures

Question 45

What are signatures?

Answer 45

a code pattern of known viruses

(virus code patterns, a virus’s signature)

Question 46

Where is the library of signatures stored?

Answer 46

in a definition file

Question 47

Anti-malware programs compare each executable file to its library of ____

Answer 47

signatures

Question 48

The first line of defense shouldn’t be anti-malware but ___ ___

Answer 48

user education

Question 49

What is patch management?

Answer 49

keeping systems patched

(automatic updating OS, otherwise update it manually)

Question 50

What are the 7 steps to take to remediate malware?

On the A+ exams

Answer 50

1. Identify malware symptoms
2. Quarantine infected system
3. Disable System Restore (Windows)
4. Remediate infected systems (update anti-malware software, use scan and removal)
5. Schedule scans and run updates
6. Enable System Restore and create a restore point (Windows)
7. Educate end users

Question 51

What are 2 signs a PC might be infected?

Answer 51

1. Starts spewing emails
2. Was running fast yesterday but today it’s sluggish

Question 52

What are 2 ways to disconnect and quarantine a system?

Answer 52

1. Software employed on a network that automatically monitors and cuts off a machine from the network if it starts to send suspicious packets
2. Manually disconnect the network cable

Question 53

Before making any changes to get rid of the virus/malware, what should you do? Why?

Answer 53

disable System Restore so the virus isnt’ included in any restore points going forward

Question 54

How do you turn off System Restore in Windows?

Answer 54

Settings > System > About > System Protection > Select Drive > Configure > Disable system protection

Question 55

What kinds of events might malware leave traces of in Event Viewer? (3)

Answer 55

1. Destabilizing programs
2. Disabling protection services
3. Triggering warnings about resource use

Question 56

What do you do after you’ve isolated the infected computer(s)?

Answer 56

get to a safe boot environment and run anti-malware software

(try Windows Recovery Environment first bc it only requires a reboot)

Question 57

How do you boot into the Windows Recovery Environment?

Answer 57

Hold down SHIFT as you click the POWER button on the START menu

Question 58

What do you do if you suspect a boot sector virus and can’t use Windows Recovery Environment?

Answer 58

use an external bootable source (bootable CD or USB flash drive)

Question 59

Get into the habit of keeping around a bootable anti-malware flash drive or optical media so you…?

Answer 59

can use the boot media if you suspect a virus or other malware, even if the anti-malware program says it eliminated the problem

(boots you into a clean environment)

Question 60

How do you boot from an anti-malware disc or drive?

Answer 60

change CMOS settings to boot to optical or USB media

Question 61

What options do you have for creating a bootable optical disc or flash drive? 3

Answer 61

1. Anti-malware software in a bootable version (Avast! Virus Cleaner Tool)
2. Download a copy of Linux that offers a live CD/DVD option like Ubuntu so you can boot to the disc and install a complete working copy of the OS into RAM to be Internet-ready and access anti-malware sites for tools
3. Download and burn a copy of Ultimate Boot CD (contains several anti-malware programs but out of date)

Question 62

What do you do after you get into a boot environment?

Answer 62

you update your anti-malware software and run its most comprehensive scan and check all removable media exposed to the system and any system that received data from it

Question 63

When would you need to turn to an external (anti-malware) boot environment?

Answer 63

When Windows Recovery Environment doesn’t work or it might be a boot sector virus

Question 64

What does remediation mean?

Answer 64

Fixing files that the malware harmed

Question 65

What do you do if you can’t start Windows after the malware scan is finished?

Answer 65

boot from Windows setup media and use the Windows Recovery Environment/System Recovery options

Question 66

What should you remember to do after the system has been repaired?

Answer 66

re-enable System Restore and create a new restore point