Malware Flashcards

1
Q

For malware to infect your system, it needs two things, and they are:

A

Threat Vector
Attack Vector

2
Q

A specific method used by an attacker to infiltrate a victim's machine, such as exploiting unpatched software, installing code, or running phishing campaigns (in other words, how they can get in), is known as a:

A

Threat Vector

3
Q

The actual means by which an attacker gains access to a computer to infect the system with malware, that is, how they are going to infect the system, is known as:

A

Attack Vector

4
Q

Popular security patch from 2017:

A

MS17-010

5
Q

Malicious software or code that runs, attaches itself to clean files, and spreads through a computer system without the user's knowledge is known as a:

A

Virus

6
Q

Stand-alone malware programs that replicate and spread to other systems by exploiting software vulnerabilities:

A

Worms

7
Q

Malicious programs which appear to be legitimate software but allow unauthorized access to a victim's system when executed:

A

Trojans

8
Q

These are compromised computers that are remotely controlled by attackers and used in coordination to form what is called a botnet:

A

Zombies

9
Q

A network of zombies that is often used for DDoS attacks, spam distribution, or cryptocurrency mining is a:

A

Botnet

10
Q

Malicious tools that hide their activities and operate at or below the OS level to allow for ongoing privileged access are known as:

A

Rootkits

11
Q

These are malicious means of bypassing normal authentication processes to gain unauthorized access to a system:

A

Backdoors

12
Q

This is embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs:

A

Logic Bombs

13
Q

These record a user's keystrokes and are used to capture passwords or other sensitive information:

A

keyloggers

14
Q

This secretly monitors and gathers user information or activities and sends the data to third parties:

A

Spyware

15
Q

This is unnecessary or pre-installed software that consumes system resources and space without offering any value to the user:

A

Bloatware

16
Q

There are 10 different types of viruses that you should be aware of:

A

Boot Sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armor
Hoax

17
Q

This type of virus is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up:

A

Boot Sector

18
Q

This type of virus is a form of code that allows a virus to be embedded inside another document, so that when that document is opened by the user, the virus is executed:

A

macro virus

19
Q

This type of virus tries to find executables or application files to infect with its malicious code:

A

Program virus

20
Q

This virus is designed to hide itself from detection by encrypting its malicious code or payload so that antivirus software cannot recognize it:

A

Encrypted Virus

21
Q

A combination of a boot sector virus and a program virus. It is possible that a technician can remove the program virus from your machine but miss the one in the boot sector, hence the name:

A

Multipartite virus

22
Q

This is an advanced version of an encrypted virus: instead of just encrypting its contents, it changes the virus's code each time it is executed by altering the decryption module, in order to evade detection:

A

Polymorphic Virus

23
Q

This virus is able to rewrite itself entirely before it attempts to infect a given file:

A

Metamorphic Virus

24
Q

This is not necessarily a specific type of virus so much as a technique used to prevent the virus from being detected by anti-virus software:

A

Stealth virus

25
Q

This type of virus has a layer of protection to confuse a program or a person who is trying to analyze it:

A

Armored Virus

26
Q

This is technically not a virus but a form of technical social engineering that attempts to scare end users into taking undesirable actions on their system:

A

Hoax

27
Q

A piece of malicious software much like a virus, but it can replicate itself without any user interaction. These are best known for spreading far and wide over the Internet in a relatively short amount of time:

A

Worm

28
Q

This worm is one of the largest because it was able to infect between 9 and 15 million machines:

A

Conficker

29
Q

A _________ can replicate itself without any user interaction

A

Worm

30
Q

A ___________ requires the user to take some action

A

Virus

31
Q

A piece of malicious software that is disguised as harmless or desirable software. They are commonly used today by attackers to exploit a vulnerability in a workstation and then conduct data exfiltration:

A

Trojan

32
Q

This is a type of Trojan that is widely used by modern attackers because it provides the attacker with remote control of a victim's machine:

A

Remote Access Trojan (RAT)

33
Q

A type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker:

A

Ransomware

34
Q

Ways to help prevent Ransomware attacks are:

A

Conducting Regular Backups
Installing Regular Software updates
Providing Security Awareness Training
Implementing Multi-Factor Authentication for the Systems

35
Q

If you are a victim of a Ransomware Attack you should:

A

Never Pay the Ransom
Disconnect the infected System from the Network
Notify the Authorities
Restore the Data from Known Good Backups

36
Q

A network of hundreds, thousands, or even millions of compromised computers or devices controlled remotely by malicious actors, who can use their processing, memory, storage, or networking without your consent:

A

Botnet

37
Q

The name of a compromised computer or device that is part of a botnet and is used to perform tasks via remote commands:

A

Zombie

38
Q

For hackers, these are responsible for managing and coordinating the activities of the other nodes or devices within a network:

A

command and control node (C2 node)

39
Q

__________ are used to spam others by sending out phishing campaigns and other malware, and also to combine processing power to break through different types of encryption schemes in order to gain more zombies:

A

Botnets

40
Q

The most common uses of botnets are:

A

Distributed Denial of Service attack (DDoS)
crypto mining, or breaking your computers encryption

41
Q

When you have a lot of machines trying to take control of or attack one machine, that is called a:

A

Distributed Denial of Service attack (DDoS)

42
Q

A type of software that is designed to gain administrative-level control over a given computer system and to dig deeply into the operating system, all without being detected:

A

Rootkit

43
Q

Rootkits, because of the admin access, will allow an attacker to:

A

install Programs
Delete Programs
Open Ports
Close Ports

44
Q

A ________ _________ has what are called rings of permissions; most basic users are in the outermost ring, Ring 3. Ring 0 is the innermost and has the most permissions:

A

computer system

45
Q

Being in this mode (Ring 0) allows a system to control access to things like device drivers, the sound card, and the monitor:

A

Kernel mode

46
Q

If you log in as "Administrator" or "Root", you'll be operating at:

A

Ring 1

47
Q

This is a technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library:

A

DLL injection

48
Q

DLL injections work by utilizing software code that is placed between two components. It intercepts calls between those components and redirects them into malicious code:

A

Shim

49
Q

Because a rootkit, once it reaches Ring 1 or Ring 0, is almost impossible to detect from within the system, the best way to search for one is to do an:

A

External Scan

50
Q

This is used to bypass the normal security and authentication functions of your computer:

A

Backdoor

51
Q

This can be placed on your system via a backdoor by a threat actor to help maintain persistent access to that system:

A

Remote Access Trojan ( RAT )

52
Q

This is an insecure coding practice that was initially used by programmers as a joke or gag gift to users:

A

Easter Egg

53
Q

A piece of software (normally bundled with other programs) or hardware that records every single keystroke made on a computer or mobile device:

A

keylogger

54
Q

This is any software that comes pre-installed on a new computer or smartphone, like toolbars and Office 365. It wastes storage space, slows down the performance of devices, and introduces new security vulnerabilities into systems:

A

Bloatware

55
Q

A type of malicious software that is designed to gather and send information about a user or organization. It can be bundled with other software, installed through a malicious website, or installed when users click on a deceptive pop-up advertisement:

A

Spyware

56
Q

Describes the specific method by which malware code infects a target host:

A

Exploit Technique

57
Q

Some _______ focuses on infecting the system's memory in order to leverage remote procedure calls over the organization's network:

A

Malware

58
Q

Most modern ________ uses fileless techniques to avoid detection by signature-based security software, and it uses a two-stage model:

A

Malware

59
Q

This is used to create a process in the system's memory without relying on the local file system of the infected host:

A

Fileless malware

60
Q

The stage in which a user clicks on a malicious link or opens a malicious file, after which malware is installed, is known as:

A

Stage 1: Dropper or Downloader

61
Q

This initiates or runs other forms of malware contained within a payload on an infected host:

A

Dropper

62
Q

This retrieves additional tools after the initial infection facilitated by a dropper:

A

Downloader

63
Q

This encompasses lightweight code meant to execute an exploit on a given target:

A

Shellcode

64
Q

This downloads and installs a remote access Trojan to conduct command and control on the victimized system:

A

Stage 2: Downloader

65
Q

The phase in which threat actors execute their primary objectives to meet their core goals (data exfiltration or file encryption) is known as the:

A

“Actions on Objectives” Phase

66
Q

After a Stage 1 and Stage 2 malware attack has been initiated, this is used to help the threat actor prolong unauthorized access to a system by covering tracks, erasing log files, and hiding any evidence of malicious activity:

A

Concealment

67
Q

Malware can be introduced into your system by any of the following techniques:

A

Code Injection
DLL sideloading
Masquerading
Process hollowing
DLL injection

68
Q

This well-known malware strategy was adopted by many Advanced Persistent Threats and criminal organizations, where the threat actors exploit standard system tools, such as PowerShell, to perform intrusions:

A

Living off the land

69
Q

Signs that you may have some form of Malware on your machine:

A

Account lockouts
concurrent Session utilization
Blocked content
Resource Consumption
Out-of-cycle logging
Published or documented attacks
Impossible travel
Resource inaccessibility
missing logs