Malware Families

Question 1

What is a Virus

Answer 1

a virus is a malicious code whose primary function is to replicate and to deliver its payload. And remember that we said, a virus requires a host to execute and replicate.

Question 2

Boot Sector Virus

Answer 2

boot sector virus infects the boot or the first sector of a drive then loads into memory upon boot up

Question 3

File Infector Virus

Answer 3

file infector virus infects .com, or .exe files by overriding the original code. And it can easily affect another executable with the same extension

Question 4

Companion Virus

Answer 4

A companion virus disguises itself as a legitimate file, it takes on a legitimate file name, but it uses a different extension with a higher priority to the processor. So for example, you might have a file on your system called good.exe, the companion virus will name itself good.com, which is a higher priority to the processor.

Question 5

Macro Virus

Answer 5

The macro virus is written in a macro language and it’s platform-independent. It infects and replicates templates and documents

Question 6

What is a worm?

Answer 6

a worm is malicious code that exploits known vulnerabilities. It is self replicating and it takes advantage of network features to spread

Question 7

What type of Network Feature?

Answer 7

email and file sharing, instant messaging, even network packets

Question 8

Internet Worm

Answer 8

internet worm is one that’s injected into a website and then re replicates itself onto any computer when that page is accessed and loaded.

Question 9

Email-Worm

Answer 9

Email worms are distributed there via attachments and or embedded links

Question 10

File sharing worms

Answer 10

known as P2P are distributed via a peer to peer transfer

Question 11

Instant messaging worms

Answer 11

are distributed via messaging platforms and they’re disguised as attachments or links

Question 12

network transport worms

Answer 12

hidden in network packets so they can spread and self propagate through shared access to any device, drive or file across the network, very dangerous.

Question 13

What is a Trojan?

Answer 13

Trojan is malicious code that looks legitimate and it acts like a bona fide file or application. For example, a game, a video or music. So it’s just doing whatever you expected it to do, playing the video, playing the song, providing you with a game, but at the same time, it’s taking control, it’s delivering its payload

Question 14

RAT

Answer 14

RAT stands for remote access Trojan, and its objective is to gain control of the system via a remote network connection. So you’re playing the game, but the attacker is actually making it connect to you

Question 15

Backdoor Trojan

Answer 15

A backdoor is used to open a less obvious connection for later access. Again you’re playing that game and the backdoor Trojan opens up another channel.

Question 16

Downloader Trojan

Answer 16

Downloader targets an already infected computer to download additional or new versions of the malicious code

Question 17

Fake AV Trojan

Answer 17

fake AV well, it behaves like any virus software, but it demands payment to remove threats either real or fake

Question 18

What is a RootKit?

Answer 18

that’s designed to take privileged control of the device, access right to the kernel of the operating system or to the firmware, but really high level privilege control

Question 19

Components of a RootKit?

Answer 19

Dropper, loader, and rootkit itself, difficult to identify and remove

Question 20

Firmware

Answer 20

Firmware is going to be malicious code that gets embedded in the device firmware, and it can modify functionality

Question 21

Kernel

Answer 21

Kernel rootkit is designed to function at the level of the operating system itself, and it can add new code to the operating system or even delete and replace operating system code

Question 22

BootLoader

Answer 22

bootloader rootkit boots up at the same time as the operating system, by infecting the master boot record, the MBR, and it can modify or delete boot records

Question 23

Memory

Answer 23

memory rootkit hides in RAM and a by-product of it hiding a RAM is it reduces performance by occupying resources.

Question 24

Identify dangers of RootKits?

Answer 24

modify functionality, add new code to an operating system, delete boot records, or use up resources. It can also be persistent, stays active when the computer is turned on until it is turned off.

Question 25

What is Spyware?

Answer 25

Spyware is code that collects information without consent, and it might use that information for future interactions

Question 26

Keylogger spyware

Answer 26

capture your keystrokes and your mouse or pad movements

Question 27

Monitor Spyware

Answer 27

monitor is used for tracking user activity, what programs do you open? What files do you open? What do you print?

Question 28

Tracking cookies spyware

Answer 28

Tracking cookies are used to log web browsing activity

Question 29

Adware spyware?

Answer 29

adware is used for delivering targeted advertising based on that known user activity

Question 30

What is Programmatic Malware?

Answer 30

Programmatic is code that has been inserted or created by the application programmers, the coders or the publishers

Question 31

Backdoor Programmtic Malware

Answer 31

backdoor is code that’s designed to bypass access controls. In the development cycle very often backdoors are purposely created in case something goes wrong with the access control system

Question 32

logicBomb programmatic malware

Answer 32

logic bomb is code that’s designed to execute when a certain event occurs or at a certain period of time. And those are always inserted intentionally. So backdoors and logic bombs also known as a slag code.