Malware Flashcards

1
Q

What is a Computer Virus?

A

Made up of malicious code that’s run on a machine without the user’s knowledge and allows the code to infect the computer whenever it has been run.

Computer viruses can lead to data corruption, loss, or unauthorized access to information.

2
Q

What is a Boot Sector Virus?

A

Stored in the first sector of a hard drive and is loaded into memory whenever the computer boots up.

Boot sector viruses can be particularly damaging as they can prevent the operating system from loading.

3
Q

What is a Macro Virus?

A

A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

Commonly found in documents created with applications like Microsoft Word.

4
Q

What does a Program Virus do?

A

Tries to find executables or application files to infect with its malicious code.

These viruses often spread through software downloads or installations.

5
Q

What is a Multipartite Virus?

A

A combination of a boot sector type virus and a program virus, able to place itself in the boot sector and install itself in a program.

This type of virus can be particularly difficult to remove due to its dual nature.

6
Q

What is an Encrypted Virus?

A

Designed to evade detection by encrypting its malicious code or payload so that antivirus software cannot recognize it.

Encryption makes it harder for security software to recognize the virus.

7
Q

What is a Polymorphic Virus?

A

An advanced version of an encrypted virus that changes its code each time it is executed by altering the decryption module to evade detection.

Polymorphic viruses are more challenging to detect and remove than standard viruses.

8
Q

What is a Metamorphic Virus?

A

Able to rewrite itself entirely before attempting to infect a given file.

This capability allows metamorphic viruses to evade detection even more effectively than polymorphic ones.

9
Q

What is a Stealth Virus?

A

A technique used to prevent the virus from being detected by antivirus software.

Stealth viruses can manipulate system resources to hide their presence.

10
Q

What is an Armored Virus?

A

Has a layer of protection to confuse a program or a person who’s trying to analyze it.

This protection can make it significantly more challenging for security experts to reverse-engineer the virus.

11
Q

What is a Hoax Virus?

A

A form of technical social engineering that attempts to scare users into taking undesirable actions on their system.

Hoax viruses often spread through emails or social media, misleading users about threats.

12
Q

What is a worm in the context of cybersecurity?

A

A piece of malicious software that can replicate itself without any user interaction.

Worms operate autonomously to infect systems.

13
Q

How do worms replicate and spread?

A

They self-replicate and spread throughout your network without a user’s consent or action.

This ability allows them to propagate rapidly.

14
Q

What are the two main dangers posed by worms?

A
  • Infecting workstations and other computing assets
  • Causing disruptions to normal network traffic

The constant replication attempts can overwhelm network resources.

15
Q

True or False: Worms require user interaction to spread.

A

False

Worms can spread without any action from users.

16
Q

What is a key characteristic of worms compared to viruses?

A

Worms can replicate themselves without user interaction.

Viruses, by contrast, often require user action to spread.

17
Q

Fill in the blank: Worms are best known for spreading far and wide over the internet in a _______.

A

[short amount of time]

Their rapid propagation can lead to widespread damage.

18
Q

What is a Trojan?

A

A piece of malicious software that is disguised as harmless or desirable software.

Trojans are often used to trick users into installing them.

19
Q

What does RAT stand for?

A

Remote Access Trojan

RATs provide attackers with remote control of a victim machine.

20
Q

Why are Trojans commonly used by attackers today?

A

To exploit a vulnerability in your workstation and conduct data exfiltration, create backdoors, and perform other malicious activities.

Attackers use Trojans for various malicious purposes, including stealing sensitive documents.

21
Q

Fill in the blank: A Remote Access Trojan (RAT) provides the attacker with _______.

A

remote control of a victim machine

22
Q

True or False: Trojans can maintain persistence on systems.

A

True

Trojans can create backdoors to ensure continued access to infected systems.

23
Q

What is ransomware?

A

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

24
Q

How can we protect ourselves and our organizations against ransomware? List at least three methods.

A
  • Always conduct regular backups
  • Install software updates regularly
  • Provide security awareness training to your users
  • Implement Multi-Factor Authentication (MFA)
25
Q

What should you do if you find yourself or your organization as the victim of a ransomware attack? Name one action.

A

Never pay the ransom.

26
Q

True or False: Paying the ransom guarantees that you will get your data back.

27
Q

What is the first step to take if you suspect ransomware has infected your machine?

A

Disconnect it from the network.

28
Q

What should you do after disconnecting a machine infected with ransomware?

A

Notify the authorities.

29
Q

Fill in the blank: To recover from a ransomware attack, you should restore your data and systems from known good _______.

30
Q

What is a Botnet?

A

Network of compromised computers or devices controlled remotely by malicious actors

Botnets can include a wide range of devices, from personal computers to IoT devices.

31
Q

What is a Zombie in the context of cybersecurity?

A

Name of a compromised computer or device that is part of a botnet

Zombies perform tasks using remote commands from the attacker without the user’s knowledge.

32
Q

What is the role of a Command and Control Node?

A

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

This node is crucial for the functioning of a botnet.

33
Q

List some uses of Botnets.

A
  • As pivot points
  • Disguise the real attacker
  • To host illegal activities
  • To spam others by sending out phishing campaigns and other malware

Botnets are often utilized for various malicious purposes, including data theft and distributed denial-of-service (DDoS) attacks.

34
Q

What is a rootkit?

A

Designed to gain administrative level control over a given computer system without being detected

35
Q

What are the different rings of permissions in a computer system?

A

Several different rings, including Ring 3 (user-level permissions) and Ring 0 (the highest permission level).

36
Q

What is Ring 3 in a computer system?

A

The outermost ring where user level permissions are used

37
Q

What is Ring 0 in a computer system?

A

The innermost or highest permission level, also known as kernel mode

38
Q

What is kernel mode?

A

Operating in Ring 0, allowing control over access to device drivers and other critical system resources

39
Q

What does kernel mode allow a system to control?

A

Access to device drivers and hardware such as the sound card, the video display or monitor, and similar system resources.

40
Q

What technique do rootkits use to gain deeper access to a system?

A

DLL injection

41
Q

What is DLL Injection?

A

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

42
Q

Why are rootkits difficult to detect?

A

The operating system is essentially blinded to them

43
Q

What is the best way to detect rootkits?

A

Boot from an external device and scan the internal hard drive

44
Q

What should be used to scan for rootkits when booting from an external device?

A

A good anti-malware scanning solution from a live boot Linux distribution

45
Q

What is a backdoor?

A

Originally placed in computer programs to bypass the normal security and authentication functions.

46
Q

Who most often places backdoors into systems?

A

Designers and programmers.

47
Q

What is an Easter egg in programming?

A

A hidden feature or novelty within a program typically inserted by the software developers as an inside joke.

48
Q

True or False: Easter eggs are always harmful to software.

49
Q

What is a common issue associated with code in software?

A

Code often has significant vulnerabilities.

50
Q

What are Logic Bombs?

A

Malicious code inserted into a program that executes only when certain conditions have been met.

Logic bombs can be triggered by specific events, dates, or user actions.

51
Q

What is a keylogger?

A

A piece of software or hardware that records every single keystroke made on a computer or mobile device

Keyloggers are often used for monitoring or malicious purposes.

52
Q

What is spyware?

A

Malicious software that is designed to gather and send information about a user or organization without their knowledge

53
Q

What is bloatware?

A

Any software that comes pre-installed on a new computer or smartphone that you, as the user, did not specifically request, want, or need

Bloatware can often take up valuable storage space and may slow down device performance.

54
Q

What technique does most modern malware use to avoid detection?

A

Fileless techniques

Fileless malware operates in system memory instead of relying on the local file system.

55
Q

What is Fileless Malware?

A

Malware that creates a process in system memory without using the local file system

This method helps evade detection by traditional security software.

56
Q

What happens when a user clicks on a malicious link or file?

A

A stage one dropper or downloader is installed

This initiates the infection process.

57
Q

Define Stage 1 Dropper or Downloader.

A

A piece of malware created as lightweight shellcode that can be executed on a system

It is critical in the initial stage of malware deployment.

58
Q

What is a Dropper?

A

Specific malware designed to initiate or run other malware forms within a payload

The dropper is responsible for delivering the main malicious payload.

59
Q

What is a Downloader?

A

Malware that retrieves additional tools after the initial infection established by a dropper.

Downloaders play a crucial role in expanding the malware’s capabilities.

60
Q

What is Shellcode?

A

Lightweight code meant to execute an exploit on a given target

Shellcode is often used in various types of cyber attacks.

61
Q

What occurs in Stage 2 of malware execution?

A

A downloader installs a remote access Trojan for command and control

This stage allows attackers to maintain control over the compromised system.

62
Q

What does the ‘Actions on Objectives’ Phase entail?

A

Executing primary objectives like data exfiltration and file encryption

This phase is where attackers achieve their main goals.

63
Q

What is Concealment in the context of malware?

A

Methods used to prolong unauthorized access by hiding tracks, erasing log files, and hiding evidence

Concealment techniques help attackers remain undetected.

64
Q

What does ‘Living off the Land’ refer to?

A

A strategy in which threat actors exploit standard tools for intrusions.

This tactic is common among Advanced Persistent Threats.