Week 7 - Malware

Question 1

What is Malware?

Answer 1

Malware is software designed to perform malicious activities on a computer.

Question 2

What is zero day malware?

Answer 2

Malware that exploits vulnerabilities that have not been patched yet.

Question 3

What are the 3 types of Malware?

Answer 3

viruses, trojans and Worms

Question 4

What is a virus?

Answer 4

a malicious executable code that multiplies itself by attaching to a host document

Question 5

What is a polymorphic virus?

Answer 5

A polymorphic virus mutates as it spreads to avoid detection, making it harder to identify using signature-based antivirus software.

it leaves a signature to indicate a file has been infected

Question 6

What are the three main parts of a virus?

Answer 6

• Concealment (hiding from detection)
• Propagation (spreading to other files)
• payload (carrying out malicious actions)

Question 7

What is a logic bomb virus?

Answer 7

A logic bomb virus activates when specific conditions are met.

e.g
deleting files after a certain event occurs

Question 8

What is a time bomb virus?

Answer 8

A time bomb virus activates at specified time or date

Question 9

How else can we classify viruses?

Answer 9

Bases on the infection mechanism

could be a file infector, boot sector, email virus, operating system infection mechanism.

Question 10

What is a worm?

Answer 10

a self-replicating malware program that spreads across networks without human interaction

Question 11

What is a trojan?

Answer 11

malware disguised as harmless program that hides malicious software, like keyloggers or creates a backdoor for attackers

Question 12

What are the three main areas of malware prevention and detection?

Answer 12

• increasing user awareness (avoidance of downloading suspicious files)
• technical solutions (intrusion detection, firewalls)
• Antivirus software (identifies and removes malware from an infected computer)

Question 13

How does antivirus work?

Answer 13

use of virus dictionaries to search every file for known virus signatures

requires regular updates and not effective against polymorphic viruses

Question 14

What is an integrity checker?

Answer 14

alerts the user when a very old file has been recently modified. helps detect damage caused by viruses but not before the infection happens.

Question 15

What is activity monitoring in antivirus software?

Answer 15

monitoring activities of all programs and looking for suspicious behavior. (file modification, boot up time taking longer than usual)

Question 16

What is quarantining in activity monitoring ?

Answer 16

where the suspected file is placed into a new location where it can’t impact the system

e.g

sandbox - a secure environment isolated from OS

Question 17

What is a tarpit in cybersecurity?

Answer 17

a security mechanism that intentionally delays network connections to a sever, slowing down malware spread

Question 18

How do tarpits help in mitigating worm infections?

Answer 18

slows the spread of worms by increasing the time it takes for infected packets to reach new hosts

Question 19

How do tarpits help mitigate Denial of Service (DoS) attacks?

Answer 19

slows down the response time for each incoming HTTP request in a DoS attack, without impacting legitimate users, thus slowing the DoS attack.

Question 20

What is a honeypot in cybersecurity?

Answer 20

a decoy computer system that is set up to attract attackers. contains no valuable information

Question 21

How do honeypots help gather information about attackers?

Answer 21

Appear to contain valuable information to lure attackers. allowing defenders to gather information about attacker’s methods and intentions

Question 22

What are the two types of Malware Analysis?

Answer 22

Static and Dynamic

Question 23

What is static analysis?

Answer 23

examining files for malicious intent without running the code.

Question 24

How do we use Static analysis?

Answer 24

tools like disassemblers and network analysers user to look at file names, hashes and IP addresses.

Question 25

What is a limitation of static analysis?

Answer 25

May miss complicated malware that only shows malicious behaviour during runtime

Question 26

What is dynamic analysis in malware detection?

Answer 26

executes suspected files in a controlled environment (sandbox)

Question 27

What is a limitation of dynamic analysis?

Answer 27

attackers have become skilled at detecting sandboxes and will use techniques to hide malicious code inside the sandbox

Question 28

How do we use dynamic analysis?

Answer 28

allows security professionals to observe malware behavior without letting it affect the system or network.

obtaining an understanding of the malicious code’s behaviour