MODULE 7: Malware Threats Flashcards

1
Q

What common technique for delivering malware over the web involves attackers tricking users into clicking on innocent-looking webpages that are actually malicious?

malvertising
spam emails
black hat search optimization
social engineered click jacking

A

social engineered click jacking

2
Q

What component of malware is a program that conceals its code and intended purpose via various techniques, and thus, makes it hard for security mechanisms to detect or remove it?

dropper
injector
obfuscator
packer

A

obfuscator

3
Q

In what type of network attack does an attacker gain unauthorized access to a target network and remain undetected for a long period of time? The main objective is obtaining sensitive info, not sabotage.

DDOS
APT (Advanced Persistent Threat)
XSS
SQL Injection

A

APT (Advanced Persistent Threat)

4
Q

What describes the level up to which an APT attack remains undetected in the target’s network?

Risk Tolerance
Timeliness
Attack Origination Point
Actions

A

Risk Tolerance

5
Q

What type of attack is multi-phased to include reconnaissance, gaining access, discovery, capture, and data exfiltration?

DDOS
Phishing
APT
Botnet

A

APT

6
Q

What stage in the APT lifecycle includes the deployment of malware and establishment of an outbound connection?

Persistence
Cleanup
Preparation
Initial intrusion

A

Initial Intrusion

7
Q

What describes a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that the code can get control and cause damage? This type of program creates a covert communication channel between the attacker and target computer.

Virus
Trojan
Worm
Rootkit

A

Trojan

8
Q

Remote access _______, backdoor _______, botnet _______, and defacement _______ are all categories of what type of attack program?

Virus
Worm
Trojan

A

Trojan

9
Q

What type of Trojan gives full remote control of a target computer, provides covert surveillance, usually provides higher privileges than the device owner has (SYSTEM/root), is usually undetected until activated, and is often delivered by drive-by downloads?

Botnet Trojan
RAT (Remote Access Tool) Trojan
Backdoor Trojan
Defacement Trojan

A

RAT (Remote Access Tool) Trojan

10
Q

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to “www.MyPersonalBank.com”, the user is directed to a phishing site. Which file does the attacker need to modify?

A. Boot.ini
B. Sudoers
C. Networks
D. Hosts

A

D. Hosts

11
Q

What operates via tunneling methods and is mostly employed by attackers to evade firewalls in target networks and to deliver and hide Trojans in an undetectable protocol?

Examples of tools used to create these are Ghost Tunnel V2 and ELECTRICFISH.

SSH Tunnels
Covert Channels
DNS Tunnels

A

Covert Channels

12
Q

What is a program that is intended to harm a target computer? It runs, replicates, and activates without the user’s knowledge and requires human interaction to spread.

Virus
Worm
Trojan

A

Virus

13
Q

System or Boot Sector
File and multipartite
Macro and Cluster
Stealth/Tunneling
Sparse Infector
Polymorphic
Cavity/Overwriting
FAT/Logic Bomb
and Email/Armored

are all categories of what?

Worm
Trojan
Virus

A

Virus

14
Q

What type of virus works by using macro features inside Microsoft Office apps such as Word and Excel?

Multipartite
Polymorphic
Macro
Armored

A

Macro

15
Q

What type of virus consists of a file virus and a boot sector virus? It infects both at the same time.

Macro
Multipartite
Polymorphic
Stealth

A

Multipartite Virus

16
Q

What type of virus changes its binary pattern on specific dates and times to avoid detection? It mutates while keeping the original algorithm intact.

Macro
Multipartite
Polymorphic
Stealth

A

Polymorphic

17
Q

What type of virus is most commonly spread using USB/physical media and moves the MBR to another location on the hard disk and copies itself to the original location of the MBR?

Multipartite
Polymorphic
Boot Sector
Stealth

A

Boot Sector

18
Q

On the test, which virus should you choose as the best answer when you see tunneling or stealth as answers?

This virus type evades antivirus software by intercepting its requests to the OS.

tunneling
stealth

A

Stealth

19
Q

Which type of virus/code can reprogram itself by translating its own code into a temporary representation and then back to normal code again?

metamorphic
polymorphic
stealth

A

metamorphic

20
Q

Which type of virus overwrites a part of the host’s file with nulls (or other characters) without increasing the length of the file while preserving its functionality?

Sparse infector
polymorphic
file overwriting/cavity
Macro

A

file overwriting/cavity

21
Q

What type of malware restricts access to the computer system’s files and folders and demands an online payment to remove the restrictions?

Trojan
Ransomware
Virus
Worm

A

Ransomware

22
Q

What is a notorious ransomware that infected millions of unpatched servers by employing the RSA-2048 asymmetric encryption technique?

eCHQaix
WannaCry
SamSam

A

SamSam

23
Q

What type of virus is well designed, made to look like a legitimate Personal Security Product that looks authentic enough to encourage users to install it on their systems, perform updates, or remove viruses and other programs?

Fake IDS
Fake Antivirus
Fake PC Cleanup Tool

A

Fake antivirus

24
Q

What are computer programs that independently replicate, execute, and spread across network connections?

Viruses
Trojans
Worms
Botnets

A

Worms

25
Q

What type of malware infects legitimate software and applications and resides in the system’s RAM? It injects its malicious code into running processes such as Word, Flash, Adobe PDF reader, JavaScript, and PowerShell.

Spyware
Fileless Malware
Adware
Worm

A

Fileless Malware

26
Q

What type of exploit allows hackers to inject a malicious payload into the RAM that targets the legitimate process without leaving any footprints?

Document Exploits
or
In-Memory Exploits

A

In-Memory Exploits

27
Q

What type of malware analysis does NOT run the malware code and employs tools to quickly determine if a file is malicious by analyzing the binary code?

Static malware analysis
or
Dynamic Malware Analysis

A

Static Malware Analysis

28
Q

What type of malware analysis involves executing malware on a system to understand its behavior after infection?

static malware analysis
or
dynamic malware analysis

A

Dynamic malware analysis