Cybersecurity Quiz on Malware and Protection
37 Questions

Questions and Answers

Which of the following is recommended when downloading files from the Internet?

  • Pay attention to the instructions (correct)
  • Always download files from unknown sources
  • Ignore the instructions given
  • Download all files without checking

Regularly maintaining data backup is not important to prevent virus infections.

False (B)

Name two anti-virus tools mentioned in the content.

AVG Antivirus, Kaspersky Anti-Virus

Ensure the _________ blocker is turned on to enhance online security.

pop-up

Match the following actions with their purpose:

  • Run disk clean up = Free up space and optimize performance
  • Check CDs for virus infection = Prevent malware spread
  • Schedule regular scans = Detect and remove potential threats
  • Turn on the firewall = Protect against unauthorized access

What is the purpose of a wrapper in malware?

To disguise a Trojan with a legitimate application (C)

A Command Shell Trojan provides remote access to the victim's graphical user interface.

False (B)

What is the installation path of the dropper mentioned?

c\windows\system32\svchosts.exe

The Trojan connects to Port _____ to establish a reverse connection.

80

Match the following Trojan types with their descriptions:

  • Command Shell Trojans = Provide control over a command shell
  • Remote Access Trojans = Grant complete GUI access to a system
  • Botnet Trojans = Infect many computers for coordinated attacks

Which of the following is a method to evade anti-virus detection?

Changing the Trojan's syntax (D)

Which type of malware is specifically designed to trick users into providing sensitive information?

Spyware (C)

Botnet Trojans only affect a single computer at a time.

False (B)

Malware can only enter a system through infected email attachments.

False (B)

What technique do attackers use to embed malware in legitimate advertising networks?

Malvertising

Name one potential use of Botnet Trojans.

Denial-of-service attacks

A program that embeds malware in legitimate software and spreads due to bugs in software is known as a ___.

backdoor

Which of the following is NOT a method attackers use to distribute malware?

Encryption (B)

Match the types of malware with their definitions:

  • Trojan Horse = A malicious program that disguises itself as legitimate software
  • Rootkit = Software that allows unauthorized access to a computer by hiding its presence
  • Botnet = A network of infected computers used to perform coordinated attacks
  • Ransomware = Malware that encrypts data and demands payment for its recovery

What is the primary function of a Trojan in a cyber attack?

To create backdoors and gain unauthorized remote access.

Attackers commonly exploit ___ in web browsers to initiate Drive-by Downloads.

flaws

What is a key characteristic of a computer virus?

Self-replicating (A)

Viruses are primarily transmitted through secured channels.

False (B)

What stage of a virus's life cycle involves assimilating defenses against it?

Incorporation

A virus that uses encryption to hide its code is referred to as an __________ virus.

encryption

Match the following virus types with their descriptions:

  • Computer Virus = Self-replicating program that attaches to other programs
  • Encryption Virus = Uses encryption to obscure its code
  • Worm = Replicates and spreads across networks independently
  • Trojan = Disguises itself to trick users into downloading

Which of the following is NOT a reason why people create computer viruses?

To help people (A)

Trojans downloaded from the web are difficult for antivirus software to detect.

False (B)

What can happen if a user ignores updates for antivirus applications?

Increased risk of infection by viruses and malware

What is a primary characteristic that differentiates a worm from a virus?

A worm replicates on its own (D)

A virus spreads automatically through an infected network.

False (B)

What should you avoid doing to protect against Trojans?

Opening email attachments from unknown senders

A worm spreads through the infected _______.

network

Match the scanning method with its corresponding purpose:

  • Scan for suspicious OPEN PORTS = Detect network vulnerabilities
  • Scan for suspicious RUNNING PROCESSES = Identify malicious programs
  • Scan for suspicious FILES and FOLDERS = Find hidden threats
  • Scan for suspicious REGISTRY ENTRIES = Monitor system settings

Which of the following is NOT a method to detect Trojans?

Ignore unknown network activities (D)

Most commercial anti-virus products can automatically detect backdoor programs.

True (A)

Name one measure to take against viruses and worms.

Install anti-virus software

Flashcards

Malware

Malicious software designed to damage or disable computer systems, or grant the creator limited/full control for theft/fraud.

Trojan Horse

Malicious software disguised as legitimate software, often used to gain unauthorized access to a system.

Malware Distribution

Methods used by attackers to spread malicious software to computers.

Drive-by Downloads

Installing malware by simply visiting a website, exploiting security flaws in browser software.

Trojan Techniques

Actions a Trojan can perform, such as: deleting files, disabling security, creating backdoors, recording data, infecting as a proxy or botnet.

Social Engineering

Manipulating individuals into performing actions that compromise their security.

Malvertising

Malware disguised as legitimate advertising, appearing on various websites.

Trojan Infection

Creating and introducing a Trojan via a Trojan Horse Construction Kit using a dropper that installs malicious code.

Virus

A self-replicating program that copies itself by attaching to another program, boot sector, or document.

Virus Transmission

Viruses are typically spread through file downloads, infected storage devices, or email attachments.

Virus Characteristics

Viruses can infect other programs, alter data, transform themselves, corrupt files, encrypt themselves, and self-replicate.

Encryption Virus

A virus that uses encryption to protect its code, making it harder for antivirus software to detect.

Computer Worm

A malicious program that replicates and spreads independently across networks without user interaction.

Worm Payload

The harmful action a worm performs, often targeting the host system or creating botnets for further attacks.

Botnet

A network of infected computers controlled by an attacker, used for malicious activities.

Antivirus Stages

The stages of antivirus protection include design, replication, launch, detection, incorporation, and elimination.

Dropper

A program that installs malicious code on a victim's computer, often disguised as a harmless application.

Wrapper

A tool used to hide a Trojan executable within a legitimate-looking application. When the user runs the wrapped application, the Trojan installs itself undetected.

Command Shell Trojan

This Trojan allows an attacker to take control of a victim's command shell, giving them remote access to the system.

Remote Access Trojan

Provides complete GUI access to a victim's system, allowing an attacker to see and manipulate the remote desktop.

Botnet Trojan

Infects multiple computers to create a network of bots under centralized control. This network is used for various attacks like DoS, spamming, and information theft.

Trojan Propagation

The process of spreading a Trojan to multiple victims. This can happen through various means such as social engineering, email attachments, and infected websites.

Trojan Execution

The process of running the Trojan code on a compromised computer. This might happen automatically upon installation, or triggered by specific events.

Evading Anti-Virus Techniques

Strategies used by attackers to disguise or modify Trojans to avoid detection by anti-virus software.

Worm Replication

A worm is a type of malware that can make copies of itself and spread through a network without needing to be attached to other programs.

Worm vs. Virus

While both are malware, a worm can replicate itself and spread independently through a network, whereas a virus requires a host program to spread.

Anti-Virus Sensor System

Software that detects and analyzes malicious code like viruses, worms, and Trojans, used in conjunction with security measures.

Trojan Detection Techniques

Methods used to identify Trojans, like scanning for suspicious processes, files, network activity, and registry entries.

Trojan Countermeasures

Strategies to prevent and mitigate Trojan infections, including avoiding suspicious attachments, blocking unnecessary ports, and keeping software updated.

Backdoor Countermeasures

Ways to protect against backdoor programs, such as using antivirus software, educating users, and avoiding untrusted websites.

Virus and Worm Countermeasures

Key strategies to combat virus and worm infections, including installing antivirus software and maintaining regular updates.

Open Ports

Open ports can be accessed by anyone, making them potential entry points for malicious activity. Scanning your system for suspect open ports can help identify potential vulnerabilities.

Anti-virus policy

A set of rules and guidelines to protect computers from viruses and malware.

Regular scans

Running anti-virus software to check for viruses and malware on a regular basis.

Attachment caution

Avoid opening attachments from unknown senders, as they can contain viruses.

Data backup

Making copies of important data to protect against data loss due to virus infection.

Firewall

A software program that protects a computer network from unauthorized access.

Study Notes

Malware Threats

  • Malware is malicious software designed to damage or disable computer systems, and gives the creator limited or full control for theft or fraud.
  • Examples of Malware: Trojan Horse, Virus, Backdoor, Worms, Rootkit, Spyware, Ransomware, Botnet, Adware, Crypter

Ways Malware Enters a System

  • Instant Messenger applications
  • Browser and email software bugs
  • IRC (Internet Relay Chat)
  • Removable devices
  • Attachments
  • NetBIOS (file sharing)
  • Fake programs
  • Untrusted sites and freeware software
  • Downloading files, games, and screensavers from Internet sites
  • Legitimate "shrink-wrapped" software (packaged by disgruntled employee)

Techniques Attackers Use to Distribute Malware

  • Blackhat Search Engine Optimization (SEO): Ranking malware pages highly in search results
  • Social Engineered Click-jacking: Tricking users into clicking on innocent-looking webpages
  • Malvertising: Embedding malware in ad-networks displayed on legitimate, high-traffic sites
  • Spearphishing Sites: Mimicking legitimate institutions to steal login credentials
  • Compromised Legitimate Websites: Hosting embedded malware that spreads to unsuspecting visitors
  • Drive-by Downloads: Exploiting flaws in browser software to install malware by simply visiting a website

How Hackers Use Trojans

  • Delete or replace operating system's critical files
  • Disable firewalls and antivirus
  • Generate fake traffic to create DoS attacks
  • Record screenshots, audio, and video of victim's PC
  • Use victim's PC for spamming and blasting email messages
  • Download spyware, adware, and malicious files
  • Create backdoors to gain remote access
  • Infect victim's PC as a proxy server for relaying attacks
  • Use victim's PC as a botnet to perform DDoS attacks
  • Steal information such as passwords, security codes, credit card information using keyloggers

How to Infect Systems Using a Trojan

  • Create a new Trojan packet using a Trojan Horse Construction Kit
  • Create a dropper (part of trojanized packet) that installs malicious code on the target system
  • Example of a Dropper: Installation path: c\windows\system32\svchosts.exe; Autostart: HKLM\Software\Mic.....\run\Iexplorer.exe, Malicious code, Client address: client.attacker.com; Dropzone: dropzone.attacker.com
  • A genuine application (e.g., chess.exe); Wrapper data: Executable file
  • Create a wrapper using wrapper tools to install Trojan on the victim's computer
  • Propagate the Trojan
  • Execute the dropper
  • Execute the damage routine

Wrappers

  • Bind a Trojan executable with an innocent-looking .EXE application (e.g., games or office applications)
  • When the user runs the wrapped EXE, it installs the Trojan in the background
  • Runs the wrapping application in the foreground
  • Two programs wrapped into a single file
  • Attackers might send a birthday greeting (that secretly installs a Trojan) as the user watches a birthday cake dance across the screen

Command Shell Trojans

  • Command shell Trojan grants remote control of a command shell on a victim's machine.
  • Trojan server installed on the victim's machine, opens a port for attacker connection
  • Client installed on the attacker's machine to launch a command shell on the victim's machine

Remote Access Trojans (RAT)

  • Trojan that functions like remote desktop access
  • Hacker gains complete GUI access to the remote system.
  • Attacker gains 100% access to the system
  • Infect (Rebecca's) computer with server.exe and plant Reverse Connecting Trojan
  • Reverse connection to port 80 to attacker

Botnet Trojans

  • Infects a large number of computers across a geographical area to create a botnet controlled by a Command and Control (C&C) center
  • Botnet is used to launch various attacks, including denial-of-service, spamming, click fraud, and financial information theft.

Evading Anti-Virus Techniques

  • Break down Trojan file into multiple pieces and zip them as a single file
  • Write your own Trojan and embed it in an application
  • Convert .EXE to VB script; change extension to .DOC.EXE, .PPT.EXE, .PDF.EXE (Windows hides these extensions).
  • Change Trojan content using a hex editor and change checksum/encrypt file
  • Never use Trojans downloaded from the web.

Viruses

  • Self-replicating program that produces copies by attaching to programs, computer boot sectors, or documents.
  • Commonly transmitted via file downloads, infected disk/flash drives, and email attachments.
  • Virus Characteristics:
    • Infects other programs
    • Alters data
    • Transforms itself
    • Corrupts files and programs
    • Encrypts itself
    • Self-replication

Stages of a Virus's Life

  • Design: Developing virus code using programming languages or construction kits
  • Replication: Virus replicates within the target system
  • Launch: Virus gets activated by the user
  • Detection: Virus is identified as a threat
  • Incorporation: Antivirus software assimilates defenses against the virus
  • Elimination: Users install antivirus updates and eliminate virus threats

Why People Create Computer Viruses

  • Inflict damage to competitors
  • Financial benefits
  • Research projects
  • Play pranks
  • Vandalism
  • Cyber terrorism
  • Distribute political messages

How a Computer Gets Infected by Viruses

  • User accepts files/downloads without checking source
  • Opening infected email attachments
  • Installing pirated software
  • Not updating/installing new versions of plug-ins
  • Not running the latest antivirus application

Encryption Viruses

  • Virus encrypts code using a different key for each infected file
  • Antivirus scanners cannot directly detect encryption viruses using signature detection.

Computer Worms

  • Malicious programs that replicate, execute, and spread across networks independently without human interaction
  • Primarily replicate and spread across networks, sometimes carrying a payload to damage the host system.
  • Attackers use worm payloads to install backdoors that turn infected computers into zombies making up a botnet to carry out further attacks

How a Worm Differs from a Virus

  • Worms replicate on their own and use memory; they cannot attach themselves to other programs.
  • Worms spread through infected networks by taking advantage of file/information transport features.

Anti-Virus Sensor Systems

  • Collection of computer software that detects and analyzes malicious code, such as viruses, worms, and Trojans.
  • Used along with sheep dip computers

How to Detect Trojans

  • Scan for suspicious open ports
  • Scan for suspicious startup programs
  • Scan for suspicious running processes
  • Scan for suspicious files and folders
  • Scan for suspicious registry entries
  • Scan for suspicious network activities
  • Scan for suspicious device drivers installed on the computer
  • Scan for suspicious Windows services
  • Run Trojan scanner to detect Trojans

Trojan Countermeasures

  • Avoid opening email attachments from unknown senders
  • Install patches and security updates
  • Block unnecessary ports
  • Avoid accepting programs transferred via IM
  • Harden weak, default configuration settings
  • Monitor internal network traffic for odd ports/encrypted traffic.
  • Scan CDs/DVDs with antivirus software
  • Restrict permissions/prevent malicious applications installation
  • Avoid blindly typing commands/use scripts beforehand
  • Manage local workstation file integrity, port scanning
  • Avoid downloading/executing applications from untrusted sources
  • Use host-based antivirus, firewall, and intrusion detection software

Backdoor Countermeasures

  • Ensure that commercial anti-virus products can automatically scan and detect backdoors before they cause damage
  • Educate users not to install applications downloaded from untrusted internet sites/Email attachments
  • Use anti-virus tools (McAfee, Norton) to detect and eliminate backdoors

Virus and Worm Countermeasures

  • Install antivirus software
  • Pay attention to instructions when downloading files from the Internet
  • Avoid opening attachments from unknown senders
  • Schedule regular scans
  • Generate anti-virus policy
  • Update antivirus software regularly
  • Maintain data backup
  • Do not accept disks/programs without checking them first

Quiz Team

Related Documents

Malware Threats Module 06 PDF

Description

Test your knowledge on cybersecurity measures, malware types, and protection tools. This quiz includes questions about anti-virus tools, Trojans, and safe practices for downloading files from the Internet. Enhance your understanding of online security protocols.
