Cybersecurity Quiz: Malware and Trojans
34 Questions

Questions and Answers

Which method does NOT directly allow malware to enter a system?

  • Participating in IRC channels
  • Using a secure VPN connection (correct)
  • Clicking on social engineered ads
  • Downloading files from untrusted sites

What is a primary function of a Trojan once it successfully infects a system?

  • Disabling internet connectivity
  • Encrypting all files on the system
  • Installing antivirus software
  • Creating backdoors for remote access (correct)

Which technique involves manipulating search engine results to spread malware?

  • Malvertising
  • Blackhat SEO (correct)
  • Spearphishing
  • Trojan propagation

    Which type of malware is specifically designed to steal sensitive information by logging keystrokes?

    • Keylogger

    Which of the following is an example of a method used to distribute malware through legitimate platforms?

    • Drive-by Downloads

    Which statement best describes the function of a dropper in a Trojan packet?

    • It installs the malicious code onto the target system

    What does malvertising entail?

    • Embedding malware within advertisements

    Which vector is NOT commonly associated with the spread of malware?

    • Browser and software updates

    What is the primary purpose of binding a Trojan executable with an innocent-looking application?

    • To deceive users into running the Trojan

    Which statement accurately describes Remote Access Trojans?

    • They allow complete GUI access to the victim's system.

    What is a characteristic feature of Botnet Trojans?

    • They allow control of infected systems from a centralized location.

    Which method is NOT used to evade anti-virus detection for Trojans?

    • Changing the Trojan's syntax to hexadecimal format

    How does a virus primarily spread?

    • Via file downloads, infected flash drives, and email attachments

    What is the first stage in the life cycle of a virus?

    • Design

    Which characteristic is NOT typically associated with viruses?

    • Creating standalone executable files

    What is the role of the Trojan server in Command Shell Trojans?

    • To open a port for the attacker to connect

    What is a recommended practice when opening files received via email?

    • Verify the sender's identity through a different communication channel

    Which of the following tools is specifically not mentioned as an anti-virus solution?

    • Webroot Antivirus

    Which of the following actions should be regularly scheduled to maintain cybersecurity?

    • Run disk clean up, registry scanner, and defragmentation

    What practice is discouraged when dealing with executable codes sent to the organization?

    • Accepting codes from unmanaged sources

    What should be done with disks or programs before accepting them?

    • Scan them using a current version of an anti-virus program

    Which method is ineffective for detecting Trojans?

    • Blocking all unnecessary ports at the host

    Which countermeasure is primarily focused on user education to prevent backdoor installations?

    • Educating users on application sources

    Which of the following is NOT a category to scan for detecting Trojans?

    • Internet history

    What is the primary focus of restricting permissions within a desktop environment?

    • Preventing malicious application installation

    Which action should be avoided to enhance security against Trojan threats?

    • Opening email attachments from unknown senders

    What is a primary characteristic that differentiates a worm from a virus?

    • A worm replicates on its own without human interaction, while a virus requires user action.

    Which of the following is NOT a reason why people create computer viruses?

    • To enhance software performance

    In the context of antivirus operations, what occurs during the incorporation phase?

    • Antivirus developers integrate defenses against newly identified viruses.

    How do encryption viruses evade detection by antivirus software?

    • They encipher their code with unique keys for each file.

    What can happen once a computer worm successfully installs a backdoor?

    • The computer becomes part of a botnet for further attacks.

    What action is likely to lead to a computer being infected by a virus?

    • Downloading files from unknown or unverified sources.

    Which statement most accurately describes the launch phase of a virus?

    • The virus remains dormant until user actions trigger it.

    What do antivirus sensor systems primarily detect?

    • Malicious code threats, including viruses, worms, and Trojans.

    Study Notes

    Malware Threats

    • Malware is malicious software that damages or disables computer systems, granting limited or full control to the creator for theft or fraud.

    Examples of Malware

    • Trojan Horse
    • Virus
    • Backdoor
    • Worms
    • Rootkit
    • Spyware
    • Ransomware
    • Botnet
    • Adware
    • Crypter

    Different Ways Malware Enters a System

    • Instant messenger applications
    • Browser and email software bugs
    • IRC (Internet Relay Chat)
    • Removable devices
    • Attachments
    • NetBIOS (File Sharing)
    • Fake programs
    • Untrusted sites and freeware software
    • Downloading files, games, and screensavers from Internet sites
    • Legitimate "shrink-wrapped" software packaged by a disgruntled employee

    Common Techniques Attackers Use to Distribute Malware on the Web

    • Blackhat Search Engine Optimization (SEO): Ranking malware pages highly in search results
    • Social Engineered Click-jacking: Tricking users into clicking on innocent-looking webpages
    • Malvertising: Embedding malware in ad-networks that display across hundreds of legitimate, high-traffic sites
    • Spearphishing Sites: Mimicking legitimate institutions to steal login credentials
    • Compromised Legitimate Websites: Hosting embedded malware that spreads to unsuspecting visitors
    • Drive-by Downloads: Exploiting browser flaws to install malware by visiting a webpage

    How Hackers Use Trojans

    • Delete or replace operating system critical files
    • Disable firewalls and antivirus
    • Generate fake traffic to create DoS attacks
    • Record screenshots, audio, and video of victim's PC
    • Use victim's PC for spamming and email blasting
    • Download spyware, adware, and malicious files

    How to Infect Systems Using a Trojan (Part 1)

    • Creating a new Trojan packet with a Trojan Horse Construction Kit
    • Constructing a dropper, part of a trojanized packet to install malicious code on the target system

    How To Infect Systems Using a Trojan (Part 2)

    • Create a wrapper using wrapper tools to install a Trojan on the victim's computer
    • Propagate the Trojan
    • Execute the dropper
    • Execute the damage routine

    Wrappers

    • Combine a Trojan executable with an innocent-looking application, such as a game or office application.
    • Trojan installations happen in the background while a seemingly harmless application runs in the foreground.
    • Attackers might send a birthday greeting that simultaneously installs a Trojan.
    • The two programs are packaged into a single file.

    Command Shell Trojans

    • Remotely control a command shell on the victim's machine.
    • A Trojan server is installed on the victim's machine, opening a port for attacker connection.
    • A client is installed on the attacker's machine to launch a command shell on the victim's machine.

    Remote Access Trojans

    • This remote desktop access Trojan allows the attacker to access the victim's machine remotely.
    • The attacker gains complete GUI access to the victim's remote system.

    Botnet Trojans

    • Infect a large number of computers across a wide geographical area to create a network of bots.
    • Controlled by a command and control (C&C) center.
    • The botnet is used to launch various attacks on a victim, including denial-of-service attacks, spam, click fraud, and theft of financial information.

    Evading Anti-Virus Techniques

    • Break the Trojan file into multiple pieces and zip them as a single file.
    • Always create and embed a Trojan into an application.
    • Change Trojan syntax (convert EXE to VB script, change extensions like EXE to DOC.EXE, PPT.EXE, or PDF.EXE)
    • Change Trojan contents using Hex Editor and change checksum and encrypt the file.
    • Download Trojans from untrusted sources (anti-virus software usually detects these).

    Introduction to Viruses

    • A virus is a self-replicating program that attaches itself to other programs or documents on a computer system.
    • Viruses are transmitted through file downloads, infected disks, flash drives, and email attachments.

    Virus Characteristics

    • Infects other programs
    • Alters data
    • Transforms itself
    • Corrupts files and programs
    • Encrypts itself
    • Self-replicates

    Stages of Virus Life

    • Design (develop virus code using programming languages or construction kits)
    • Replication (virus replicates and spreads within the target system)
    • Launch (activation by the user)
    • Detection (virus is identified)
    • Incorporation (antivirus developers assimilate defenses)
    • Elimination (users install updates to eliminate threats)

    Reasons People Create Computer Viruses

    • Inflict damage to competitors
    • Financial benefits
    • Research projects
    • Play pranks
    • Vandalism
    • Cyber terrorism
    • Distribute political messages

    How a Computer Gets Infected by Viruses

    • User accepts files and downloads without source verification
    • Opening infected email attachments
    • Installing pirated software
    • Not updating or installing new plug-ins
    • Not running the latest anti-virus software

    Encryption Viruses

    • Encrypts the code within an infected file, using a different encryption key for each file.
    • Anti-virus scanners cannot directly detect these encryption viruses using standard signature detection methods.

    Computer Worms

    • Malicious programs that replicate, execute, and spread across networks without human intervention.
    • Most worms are created to replicate and spread through computer resources, while some contain payloads designed to damage the target.
    • Attackers use worm payloads to install backdoors in infected computers (zombies) and create botnets to perform larger attacks.

    How a Worm Differs From a Virus

    • Worms replicate on their own, using system resources
    • Worms can spread across networks through information transportation features
    • Worms do not attach to other files or programs but replicate independently.

    Anti-Virus Sensor Systems

    • Collection of software that detects and analyzes malicious code threats (viruses, worms, Trojans)
    • Used along with secure computers, filtering network traffic and email
    • Includes anti-virus, anti-spyware, anti-trojan, anti-spamware, anti-phishing, and email scanners

    How to Detect Trojans

    • Scan for suspicious open ports
    • Scan for suspicious startup programs
    • Scan for suspicious running processes
    • Scan for suspicious files and folders
    • Scan for suspicious registry entries
    • Scan for suspicious network activities
    • Scan for suspicious device drivers installed on the computer
    • Scan for suspicious Windows services
    • Run Trojan scanner

    Trojan Countermeasures

    • Avoid opening email attachments from unknown senders
    • Install patches and security updates
    • Block unnecessary ports and use a firewall
    • Avoid accepting programs sent through instant messages
    • Harden default configuration settings
    • Monitor internal network traffic
    • Scan CDs and DVDs with antivirus software
    • Restrict permissions in the desktop environment
    • Avoid running commands blindly
    • Manage local workstation file integrity
    • Avoid downloading/executing applications from untrusted sources
    • Run host-based antivirus, firewall, and intrusion detection software

    Backdoor Countermeasures

    • Most commercial anti-virus products automatically scan for and detect backdoor programs.
    • Educate users about downloading applications from untrusted sources
    • Use anti-virus tools such as McAfee, Norton, etc. to eliminate backdoors

    Virus and Worms Countermeasures

    • Install anti-virus software
    • Pay attention to instructions during downloads
    • Avoid opening attachments from unknown senders
    • Regularly update anti-virus software
    • Regularly back up data
    • Do not accept disks or programs without checking using updated anti-virus
    • Ensure the executable code sent to the organization is approved
    • Do not boot the machine with an infected bootable disk
    • Know about the latest virus threats
    • Check DVDs and CDs for infection
    • Ensure the pop-up blocker and internet firewall are on

    Anti-virus Tools

    (List of anti-virus tools provided)

    Description

    Test your knowledge on malware types and their functions with this quiz. It covers various techniques used by Trojans, viruses, and other malicious software. Perfect for students and professionals interested in cybersecurity.
