PM - Section 1.1 Malware

Question 1

Name some malware types

Answer 1

Viruses
Crypto-malware (used to encrypt all your data)
Ransomware
Worms
trojan horse
Rootkit
Keylogger
Adware/Spyware
Botnet

Question 2

What is malware?

Answer 2

Malicious software

Question 3

How do you get malware?

Answer 3

Exploits a vulnerability and installs a remote access backdoor.
Your computer must execute a program - email link, popup, drive by download, worm.

Question 4

What is a virus?

Answer 4

Can be propagate from device to device and replicate. Reproduces through file systems or network. Many are invisible.

Question 5

What are some types of viruses?

Answer 5

Program viruses - part of application.
Boot sector viruses
Script viruses - OS based and browser based
Macro viruses - common in MS office.

Question 6

What is a worm?

Answer 6

A worm is a type of virus that can move itself from one computer to another. No human interaction needed. Uses network as a transmission medium.

Question 7

How to stop a worm?

Answer 7

Firewalls
IDS/IPS can mitigate worms effects.
Intrusion Prevention System.

Question 8

What is the WannaCry worm?

Answer 8

Affects Windows systems. Looks for a vulnerable system installs EternalBlue. EB installs a backdoor and downloads WannaCry

Question 9

What is ransomware?

Answer 9

Computer is locked and encrypted until you pay for a ransom. Can be fake and just be a splash screen.

Question 10

What is crypto-malware?

Answer 10

Encrypts all data files, but OS still works until you pay for the decryption key. (A public key cryptography)

Question 11

How to avoid a crypto-malware attack?

Answer 11

Have a backup of your files off line. Keep OS up-to-date.

Question 12

What is a Trojan Horse?

Answer 12

Pretends to be something else. Doesn’t replicate.

Question 13

What is a backdoor?

Answer 13

Opens up a channel to allow other malware to get in. Any software could have a backdoor!

Question 14

What is a RAT?

Answer 14

Remote Access Trojans/ Remote Administration Tools

Downloaded with other software and allows allows admin control. E.g. Key logger, screen-recordings, copy files, install more malware.

Question 15

What is a RootKit?

Answer 15

Unix/Linux devices. It modifies the kernel of the OS. Antivirus/anti-malware software cannot find it. It’s invisible to the OS.

Question 16

What is a Zeus/Zbot malware?

Answer 16

Famous for cleaning out bank accounts.

Now combined with a RootKit - and the rootkit would prevent you from deleting Zbot.

Question 17

How to protect against RootKit attacks?

Answer 17

Very difficult.
Use a rootkit remover if you find one.
Secure boot with UEFI Bios..?

Question 18

What is a keylogger?

Answer 18

Saves all keystrokes to a file to grab passwords/emails etc. Circumvent encryption protections.

Question 19

How do you prevent keyloggers

Answer 19

Use anti-malware.
Firewalls to watch for file transfers.
Keylogging scanner.

Question 20

What is Adware and Spyware?

Answer 20

Popups that slow down you computer. Makes your computer one big advertisement.

Spyware watches what you are doing - identity theft. Poses as fake security software.

Question 21

Why is there so much Adware/Spyware?

Answer 21

Money

• Advertising is valuable
• Could hijack and use you CPU
• Spy and find your bank account

Question 22

How to protect against Adware/Spyware?

Answer 22

Update antivirus/malware software.

Runs scans e.g. malwarebytes

Question 23

What is a Botnet?

Answer 23

A computer is infected with a virtual robot. Enters through a trojan horse or OS or app vulnerability.

Waits for commands from the main system. Utilizes DDos through the power of many.

You can rent time one the botnets to target a website to make something inaccessible for a set amount of time.

Question 24

What is the ZeuS botnet?

Answer 24

Waited for you to log into bank, then transferred credentials to hackers.

Question 25

How can you see all the active botnets?

Answer 25

map.lookingglasscyber.com

Question 26

How can you prevent a botnet?

Answer 26

Keep everything up-to-date.

Prevent C&C Command and Control - Bots log into chatrooms to wait for commands from the central server.
Block the chatroom at the firewall

Question 27

What is a logic bomb?

Answer 27

Malware that waits for a predefined event, often based on time or maybe a backup process.
Often left by someone with a grudge who had admin access.

Question 28

How do you prevent a logic bomb?

Answer 28

They are very difficult to recognize.
Create processes/procedures with a formal change control
Monitor changes - create alerts and use software like Tripware to track changes.