Section 2: Malware

Question 1

What is a malware?

Answer 1

Software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent.

• Viruses
• Worms
• Trojans
• Ransomware
• Spyware
• Rootkits
• Spam

Question 2

What is a Virus?

Answer 2

A malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.

• requires user’s action in order to reproduce and spread

Question 3

What are the 10 types of viruses?

Answer 3

1. Boot Sector Virus
2. Macro Virus
3. Program Virus
4. Multipartite Virus
5. Encrypted Virus
6. Polymorphic Virus
7. Metamorphic Virus
8. Stealth Virus
9. Armoured Virus
10. Hoax Virus

Question 4

What is a Boot Sector Virus?

Answer 4

Virus that is stored in the first sector of a hard drive and are loaded into memory upon boot up

• difficult to detect
• installed before OS boots up
• need specific AV that looks for boot sector viruses to find it

Question 5

What is a Macro Virus?

Answer 5

Virus that is embedded into a document and is executed when the document is opened by a user

• Word / Power Point / Excel
• macros are not malicious by themselves, they are used to do many useful functions in short periods of time
• Excel for example, can have a macro code that makes calculations faster. But because you can add code to that macro, bad guys can take advantage of this and add malicious code

Question 6

What is a Program Virus?

Answer 6

A virus that infects an executable or an application

• Every time you open an application or execute the program, you load the virus

Question 7

What is a Multipartite Virus?

Answer 7

Combination of Boot Sector virus and Program virus. Attaches itself to the boot sector and system files before attacking other files on the computer

• allows for persistence
• you can find the program virus within windows, but not find the boot sector. Every time you reboot, it will reinstall into windows again

Question 8

What is an Encrypted Virus?

Answer 8

A virus that uses a cipher to encrypt its contents to avoid detection by any AV

Question 9

What is a Polymorphic Virus?

Answer 9

An advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection

• morphs the way its code looks so that a signature-based AV cannot detect it anymore

Question 10

What is a Metamorphic Virus?

Answer 10

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of a polymorphic virus)

Question 11

What is a Stealth Virus?

Answer 11

It is a sub category of viruses who have mechanisms to stay undetected/protect themselves

• Encrypted, Polymorphic, Metamorphic

Question 12

What is an Armoured Virus?

Answer 12

A virus that has a layer of protection to confuse a program or person analysing it

Question 13

What is a Hoax Virus?

Answer 13

Not necessarily a virus, but instead you get a virus that is trying to trick a user into infecting their own machine

• message or website popup
• phone call from someone pretending to work for Microsoft (“follow these steps to remove virus”)
• “install this type of software to get rid of the virus”
• allowing remote access to your machine

Question 14

What is a Worm?

Answer 14

A piece of malicious software, like a virus, but is able to replicate and spread without user interaction

• they take advantage of security holes in OS
• can move from victim to victim, network to network, and across the world
• can cause disruption to network traffic and computing activities
• can cause a system to crash

Question 15

What does a Worm use within a system?

Answer 15

• Computing power
• Processing power
• Memory
• Network traffic

Question 16

What is a Trojan?

Answer 16

Malicious software that is disguised as a piece of harmless or desirable software

• they perform desired functions but then also a malicious function ontop

Question 17

What is a RAT?

Answer 17

Remote Access Trojan

• provides the attacker with remote control of a victim computer and is the most commonly used type of trojan

Question 18

What is a Ransomware?

Answer 18

Malware that restricts access to a victim’s computer system until a ransom is received

• uses vulnerabilities in your software to gain access and then encrypt your files
• essentially blackmail and extortion

Question 19

What is a Spyware?

Answer 19

Malware that secretly gathers information about the user without their consent

• installed from a website or 3rd party software
• best case - goes through all the information on your system and build a profile about you
• worst case - includes a key logger
• best best case - it is just an Adware which displays advertisements based upon its spying on you

Question 20

What is a Key Logger?

Answer 20

Malware that captures the victims keystrokes and takes screenshots for the attacker

Question 21

What is an Adware?

Answer 21

Specific type of spyware that displays adverts to you based on what you searched for

Question 22

What is a Grayware (Jokeware)?

Answer 22

Software that isn’t benign nor malicious and tends to behave improperly without serious consequences

• not good or bad, just in the middle
• example - crazy mouse, which makes your mouse jump around everywhere on your sceen

Question 23

What is a Rootkit?

Answer 23

Software designed to gain administrative level control over a system without being detected

Question 24

Which Ring level does the Rootkit sit?

Answer 24

Ring 1, or Ring 0 preferrably

Question 25

Which Ring can you find Kernel-Mode?

Answer 25

Ring 0

Question 26

Which Ring can you find User privileges?

Answer 26

Ring 3

Question 27

Which Ring can you find Administrator privileges?

Answer 27

Ring 1

Question 28

What does the Kernel-Mode control?

Answer 28

- Sound cards - Monitors - Drivers etc

Question 29

What is a DLL?

Answer 29

Dynamic Link Library

Question 30

What does a DLL do?

Answer 30

It is a library that contains code and data that can be used by more than one program at the same time

Question 31

What is a DLL Injection?

Answer 31

A technique rootkits use to maintain their persistent control - inserting malicious code into a running process on a Win machine by taking advantage of DLL that are loaded at run time

Question 32

What is Driver Manipulation?

Answer 32

An attack that relies on compromising the kernel-mode device drivers that operate a privilege or system level

Question 33

What is a Shim?

Answer 33

Piece of software code that is placed between two components to intercept calls and redirect them. The rootkit will allow an interception to happen between the Win OS and DLL and then redirect that code which includes the malicious code embedded within

Question 34

When are Rootkits activated?

Answer 34

Before booting up the operating system and are difficult to detect

Question 35

What is the best way to detect a rootkit?

Answer 35

Boot up from an external device, and then scan the internal hard drive of the infected device

Question 36

What is Spam?

Answer 36

Activity that abuses electronic messaging. Most commonly Email - email - texting - social media - broadcast media - instant messaging

Question 37

How can spammers exploit Organisations email servers?

Answer 37

By exploiting their Open Mail Relays to send messages - These servers can send emails on behalf of others. Spammers take advantage of that

Question 38

Which Law deems spamming illegal?

Answer 38

CAN-SPAM Act of 2003 - Controlling the Assault of Non Solicited Pornography and Marketing Act

Question 39

What is SPIM (IAM SPAM)?

Answer 39

Spam over Instant Messaging - text messages - Facebook chat - chat room inside games