MODULE 7: Malware Threats Flashcards
What common technique for delivering malware over the web involves attackers tricking users into clicking on innocent-looking web pages that are actually malicious?
malvertising
spam emails
black hat search engine optimization (SEO)
social engineered clickjacking
social engineered clickjacking
What component of malware is a program that conceals its code and intended purpose via various techniques, and thus, makes it hard for security mechanisms to detect or remove it?
dropper
injector
obfuscator
packer
obfuscator
What type of network attack is one where an attacker gains unauthorized access to a target network and remains undetected for a long period of time? The main objective is obtaining sensitive information, not sabotage.
DDoS
APT (Advanced Persistent Threat)
XSS
SQL Injection
APT (Advanced Persistent Threat)
What describes the level up to which an APT attack remains undetected in the target’s network?
Risk Tolerance
Timeliness
Attack Origination Point
Actions
Risk Tolerance
What type of attack is multi-phased, including reconnaissance, gaining access, discovery, capture, and data exfiltration?
DDoS
Phishing
APT
Botnet
APT
What stage in the APT lifecycle includes the deployment of malware and the establishment of an outbound connection?
Persistence
Cleanup
Preparation
Initial Intrusion
Initial Intrusion
What describes a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that the code can get control and cause damage? This type of program creates a covert communication channel between the attacker and target computer.
Virus
Trojan
Worm
Rootkit
Trojan
Remote access _______, backdoor _______, botnet _______, and defacement _______ are all categories of what type of attack program?
Virus
Worm
Trojan
Trojan
What type of Trojan gives the attacker full remote control of a target computer, provides covert surveillance, usually runs with higher privileges than the device owner has (SYSTEM/root), usually goes undetected until activated, and is often delivered by drive-by downloads?
Botnet Trojan
RAT (Remote Access Trojan)
Backdoor Trojan
Defacement Trojan
RAT (Remote Access Trojan)
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to “www.MyPersonalBank.com”, the user is directed to a phishing site. Which file does the attacker need to modify?
A. Boot.ini
B. Sudoers
C. Networks
D. Hosts
D. Hosts
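The hosts file is consulted before DNS, so one added line is enough to send a victim to a phishing server. The following is an added example (not part of the flashcards): it parses a constructed hosts file and flags any watchlisted domain that is mapped to something other than a loopback or unspecified (sinkhole) address. The sample file, the watchlist and the 203.0.113.45 address are assumptions made up for the demo.

```python
import ipaddress

# Constructed sample hosts file for illustration only (not from the flashcards).
# The last entry is the kind of line a RAT operator adds to redirect a banking
# domain to a phishing server (203.0.113.45 is a documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.corp.local
203.0.113.45    www.MyPersonalBank.com   # added by attacker
"""

# Domains that should never be overridden on a workstation (hypothetical watchlist;
# a real one comes from your own inventory of sensitive sites).
WATCHLIST = {"www.mypersonalbank.com", "login.microsoftonline.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring blank lines and '#' comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))  # hostnames are case-insensitive
    return entries


def suspicious_entries(text, watchlist=WATCHLIST):
    """Flag watchlisted domains pointed at a non-loopback, non-sinkhole address."""
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        # 127.0.0.1 / ::1 / 0.0.0.0 overrides are the usual ad-blocking sinkholes,
        # so only a routable override of a watchlisted name is reported.
        if name in watchlist and not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, name, "watchlisted domain overridden"))
    return flagged


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip}: {reason}")
```

Run it against the real file (`C:\Windows\System32\drivers\etc\hosts` on Windows, `/etc/hosts` on Linux and macOS) by reading that file instead of `SAMPLE_HOSTS`. A clean hosts file is no proof the host is clean: a RAT can also change the configured DNS resolver or install a proxy, so treat this as one check among several.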
What operates via tunneling methods and is mostly employed by attackers to evade firewalls in target networks, delivering and hiding Trojans inside a protocol the firewall does not inspect?
Examples of tools used to create these are Ghost Tunnel V2 and ELECTRICFISH.
SSH Tunnels
Covert Channels
DNS Tunnels
Covert Channels
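DNS is the classic covert channel because almost every network lets it out. The following is an added example (not from the flashcards or from either tool named above): a heuristic that scans a constructed DNS query log for the signature of a tunnel, namely many queries with a long, high-entropy leftmost label to the same zone. The log lines, the zone `example-tunnel.test` and the thresholds are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one "client qname" pair per line (not from the
# flashcards). The three queries from 10.0.0.9 carry base64-style fragments in the
# first label, which is how a DNS tunnel smuggles data out in outbound queries.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 cdn.example.net
10.0.0.9 aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.t.example-tunnel.test
10.0.0.9 ZGF0YSBleGZpbCBpbiBwcm9ncmVzcyB0b2RheQ.t.example-tunnel.test
10.0.0.9 c2VjcmV0IGRvY3VtZW50IHBhcnQgdGhyZWU.t.example-tunnel.test
"""


def shannon_entropy(s):
    """Bits per character; encoded data scores high, dictionary words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        client, qname = line.split()
        rows.append((client, qname.lower().rstrip(".")))
    return rows


def is_tunnel_like(qname, max_label=30, min_entropy=3.0):
    """Heuristic: an unusually long, high-entropy leftmost label (thresholds are assumptions)."""
    first = qname.split(".")[0]
    return len(first) > max_label and shannon_entropy(first) >= min_entropy


def tunnel_suspects(text, min_hits=3):
    """Return {(client, zone): count} for pairs that sent >= min_hits tunnel-like queries."""
    counts = defaultdict(int)
    for client, qname in parse_log(text):
        if is_tunnel_like(qname):
            zone = ".".join(qname.split(".")[-2:])  # crude registered-domain guess
            counts[(client, zone)] += 1
    return {pair: n for pair, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    for (client, zone), n in tunnel_suspects(SAMPLE_LOG).items():
        print(f"{client} sent {n} tunnel-like queries to {zone}")
```

Long random labels alone produce false positives (CDN hostnames, antivirus cloud lookups, some telemetry), which is why the heuristic counts repeated hits per client and zone rather than alerting on a single query. Query volume per zone and TXT/NULL record usage are the other signals a real detector would add.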
What is a program that is intended to harm a target computer, runs, replicates, and activates without the user's knowledge, and requires human interaction to spread?
Virus
Worm
Trojan
Virus
System or Boot Sector, File and Multipartite, Macro and Cluster, Stealth/Tunneling, Sparse Infector, Polymorphic, Cavity/Overwriting, FAT/Logic Bomb, and Email/Armored
are all categories of what?
Worm
Trojan
Virus
Virus
What type of virus works by using the macro features inside Microsoft Office apps such as Word and Excel?
Multipartite
Polymorphic
Macro
Armored
Macro
What type of virus consists of a file virus and a boot sector virus, infecting both at the same time?
Macro
Multipartite
Polymorphic
Stealth
Multipartite
What type of virus changes its binary pattern (for example on specific dates and times) to avoid signature detection? It mutates its encrypted form while keeping the original algorithm intact.
Macro
Multipartite
Polymorphic
Stealth
Polymorphic
What type of virus is most commonly spread using USB/physical media and moves the MBR to another location on the hard disk and copies itself to the original location of the MBR?
Multipartite
Polymorphic
Boot Sector
Stealth
Boot Sector
On the test, which virus should you choose as the best answer when you see both tunneling and stealth among the answers?
This virus type evades antivirus software by intercepting its requests to the OS.
tunneling
stealth
Stealth
Which type of virus/code can reprogram itself by translating its own code into a temporary representation and then back to normal code again?
metamorphic
polymorphic
stealth
metamorphic
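The difference between the polymorphic card and the metamorphic card comes down to what changes between generations. The following added example (not from the flashcards) models the polymorphic case only: a constructed, non-executable "body" is re-encrypted under a fresh key for each generation, so every on-disk image differs and a signature for the clear body misses all of them, yet every image decrypts to the same body, which is why scanners emulate or decrypt before matching. A metamorphic engine would also rewrite the body itself, which this toy does not model. The payload text, the signature string and the single-byte XOR are assumptions made for the demo.

```python
# Constructed stand-in for a virus body. It is descriptive text, not executable code.
PAYLOAD = b"VIRUS-BODY: find host; append self; run payload routine; jump to host"
# A signature scanner keyed on the clear body would look for this literal.
SIGNATURE = b"payload routine"


def xor_bytes(data, key):
    """Single-byte XOR, a toy stand-in for the virus's encryption routine."""
    return bytes(b ^ key for b in data)


def make_variant(key):
    """One polymorphic generation: the body is re-encrypted under a new key and
    prefixed with what the decryptor needs (here just the key byte). The body's
    algorithm never changes; only its on-disk bytes do."""
    return bytes([key]) + xor_bytes(PAYLOAD, key)


def run_variant(variant):
    """What the decryptor stub does at run time: recover the original body."""
    key, body = variant[0], variant[1:]
    return xor_bytes(body, key)


def signature_match(blob, sig=SIGNATURE):
    return sig in blob


def scan_generations(n=5):
    """Build n generations and compare signature hits on disk vs after decryption.
    Returns (distinct_images, on_disk_hits, decrypted_hits, all_same_body)."""
    variants = [make_variant(k) for k in range(1, n + 1)]
    on_disk_hits = sum(signature_match(v) for v in variants)
    decrypted_hits = sum(signature_match(run_variant(v)) for v in variants)
    distinct_images = len(set(variants))
    all_same_body = all(run_variant(v) == PAYLOAD for v in variants)
    return distinct_images, on_disk_hits, decrypted_hits, all_same_body


if __name__ == "__main__":
    print(scan_generations())  # (5, 0, 5, True)
```

Five generations, five distinct files, zero static signature hits, five hits once each image is decrypted: that is the whole argument for emulation-based and behavioural detection over byte signatures.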
Which type of virus overwrites part of the host file with nulls (or other characters) without increasing the file's length, while preserving its functionality?
Sparse infector
polymorphic
file overwriting/cavity
Macro
file overwriting/cavity
What type of malware restricts access to the computer system’s files and folders and demands an online payment to remove the restrictions?
Trojan
Ransomware
Virus
Worm
Ransomware
What is a notorious ransomware that infected millions of unpatched servers, employing RSA-2048 asymmetric encryption?
eCh0raix
WannaCry
SamSam
SamSam
What type of virus is well designed, made to look like a legitimate Personal Security Product that looks authentic enough to encourage users to install it on their systems, perform updates, or remove viruses and other programs?
Fake IDS
Fake Antivirus
Fake PC Cleanup Tool
Fake antivirus
What are computer programs that independently replicate, execute, and spread across the network connections?
Viruses
Trojans
Worms
Botnets
Worms
What type of malware infects legitimate software and applications and resides in the system's RAM? It injects its malicious code into running processes such as Word, Flash, Adobe PDF Reader, JavaScript, and PowerShell.
Spyware
Fileless Malware
Adware
Worm
Fileless Malware
What type of exploit allows hackers to inject a malicious payload into the RAM that targets the legitimate process without leaving any footprints?
Document Exploits
or
In-Memory Exploits
In-Memory Exploits
What type of malware analysis does NOT run the malware code and employs tools to quickly determine if a file is malicious by analyzing the binary code?
Static malware analysis
or
Dynamic Malware Analysis
Static Malware Analysis
What type of malware analysis involves executing malware on a system to understand its behavior after infection?
static malware analysis
or
dynamic malware analysis
Dynamic malware analysis
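Static analysis works on the bytes without ever executing them. The following is an added example (not from the flashcards) of the first-pass static triage an analyst does by hand with `strings` and a hash tool: hash the file, pull printable strings, and look for imports associated with process injection, embedded URLs and living-off-the-land commands. The byte blob is constructed to look like the start of a PE file with a few planted strings; it is not a real sample, and the API watchlist is an assumption.

```python
import hashlib
import re

# Constructed byte blob standing in for a suspicious file (not a real malware sample).
# It mimics a PE header start plus the kinds of strings static triage hunts for.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 16
    + b"KERNEL32.dll\x00VirtualAlloc\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"\x01\x02\x03" * 5
    + b"http://203.0.113.9/update.bin\x00"
    + b"cmd.exe /c powershell -enc \x00"
    + b"\x00\xab\xcd" * 4
)

# Win32 APIs commonly imported by process-injection code (assumed watchlist).
INJECTION_APIS = {"VirtualAlloc", "VirtualAllocEx", "WriteProcessMemory",
                  "CreateRemoteThread", "VirtualProtect", "NtUnmapViewOfSection"}


def file_hashes(data):
    """Hashes for threat-intel lookups and for proving the sample was not altered."""
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def printable_strings(data, min_len=4):
    """Equivalent of `strings -n 4`: runs of printable ASCII of at least min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data):
    """Static indicators derived from the bytes alone; nothing is executed."""
    strings = printable_strings(data)
    return {
        "is_pe": data[:2] == b"MZ",  # DOS header magic of a Windows executable
        "injection_apis": sorted(s for s in strings if s in INJECTION_APIS),
        "network_iocs": [s for s in strings if re.match(r"https?://", s)],
        "lolbin_commands": [s for s in strings
                            if "powershell" in s.lower() or "cmd.exe" in s.lower()],
    }


def verdict(indicators):
    """Crude scoring: two or more indicator types is enough to escalate."""
    score = (len(indicators["injection_apis"]) + len(indicators["network_iocs"])
             + len(indicators["lolbin_commands"]))
    return "suspicious" if score >= 2 else "inconclusive"


if __name__ == "__main__":
    ind = triage(SAMPLE)
    print(file_hashes(SAMPLE)["sha256"], verdict(ind), ind)
```

An "inconclusive" verdict is the normal outcome for a packed or obfuscated file, since the interesting strings only exist after unpacking in memory; that is exactly the point where the workflow hands over to dynamic analysis in a sandbox.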