Cybersecurity Quiz on Malware and Protection
37 Questions

Questions and Answers

Which of the following is recommended when downloading files from the Internet?

  • Pay attention to the instructions (correct)
  • Always download files from unknown sources
  • Ignore the instructions given
  • Download all files without checking

    Regularly maintaining data backup is not important to prevent virus infections.

    False

    Name two anti-virus tools mentioned in the content.

    AVG Antivirus, Kaspersky Anti-Virus

    Ensure the _________ blocker is turned on to enhance online security.

    pop-up

    Match the following actions with their purpose:

    • Run disk clean up = Free up space and optimize performance
    • Check CDs for virus infection = Prevent malware spread
    • Schedule regular scans = Detect and remove potential threats
    • Turn on the firewall = Protect against unauthorized access

    What is the purpose of a wrapper in malware?

    To disguise a Trojan with a legitimate application

    A Command Shell Trojan provides remote access to the victim's graphical user interface.

    False

    What is the installation path of the dropper mentioned?

    c\windows\system32\svchosts.exe

    The Trojan connects to Port _____ to establish a reverse connection.

    80

    Match the following Trojan types with their descriptions:

    • Command Shell Trojans = Provide control over a command shell
    • Remote Access Trojans = Grant complete GUI access to a system
    • Botnet Trojans = Infect many computers for coordinated attacks

    Which of the following is a method to evade anti-virus detection?

    Changing the Trojan's syntax

    Which type of malware is specifically designed to trick users into providing sensitive information?

    Spyware

    Botnet Trojans only affect a single computer at a time.

    False

    Malware can only enter a system through infected email attachments.

    False

    What technique do attackers use to embed malware in legitimate advertising networks?

    Malvertising

    Name one potential use of Botnet Trojans.

    Denial-of-service attacks

    A program that embeds malware in legitimate software and spreads due to bugs in software is known as a ___.

    backdoor

    Which of the following is NOT a method attackers use to distribute malware?

    Encryption

    Match the types of malware with their definitions:

    • Trojan Horse = A malicious program that disguises itself as legitimate software
    • Rootkit = Software that allows unauthorized access to a computer by hiding its presence
    • Botnet = A network of infected computers used to perform coordinated attacks
    • Ransomware = Malware that encrypts data and demands payment for its recovery

    What is the primary function of a Trojan in a cyber attack?

    To create backdoors and gain unauthorized remote access.

    Attackers commonly exploit ___ in web browsers to initiate Drive-by Downloads.

    flaws

    What is a key characteristic of a computer virus?

    Self-replicating

    Viruses are primarily transmitted through secured channels.

    False

    What stage of a virus's life cycle involves assimilating defenses against it?

    Incorporation

    A virus that uses encryption to hide its code is referred to as an __________ virus.

    encryption

    Match the following virus types with their descriptions:

    • Computer Virus = Self-replicating program that attaches to other programs
    • Encryption Virus = Uses encryption to obscure its code
    • Worm = Replicates and spreads across networks independently
    • Trojan = Disguises itself to trick users into downloading

    Which of the following is NOT a reason why people create computer viruses?

    To help people

    Trojans downloaded from the web are difficult for antivirus software to detect.

    False

    What can happen if a user ignores updates for antivirus applications?

    Increased risk of infection by viruses and malware

    What is a primary characteristic that differentiates a worm from a virus?

    A worm replicates on its own

    A virus spreads automatically through an infected network.

    False

    What should you avoid doing to protect against Trojans?

    Opening email attachments from unknown senders

    A worm spreads through the infected _______.

    network

    Match the scanning method with its corresponding purpose:

    • Scan for suspicious OPEN PORTS = Detect network vulnerabilities
    • Scan for suspicious RUNNING PROCESSES = Identify malicious programs
    • Scan for suspicious FILES and FOLDERS = Find hidden threats
    • Scan for suspicious REGISTRY ENTRIES = Monitor system settings

    Which of the following is NOT a method to detect Trojans?

    Ignore unknown network activities

    Most commercial anti-virus products can automatically detect backdoor programs.

    True

    Name one measure to take against viruses and worms.

    Install anti-virus software

    Study Notes

    Malware Threats

    • Malware is malicious software designed to damage or disable computer systems, and gives the creator limited or full control for theft or fraud.
    • Examples of Malware: Trojan Horse, Virus, Backdoor, Worms, Rootkit, Spyware, Ransomware, Botnet, Adware, Crypter

    Ways Malware Enters a System

    • Instant Messenger applications
    • Browser and email software bugs
    • IRC (Internet Relay Chat)
    • Removable devices
    • Attachments
    • NetBIOS (file sharing)
    • Fake programs
    • Untrusted sites and freeware software
    • Downloading files, games, and screensavers from Internet sites
    • Legitimate "shrink-wrapped" software (packaged by disgruntled employee)

    Techniques Attackers Use to Distribute Malware

    • Blackhat Search Engine Optimization (SEO): Ranking malware pages highly in search results
    • Social Engineered Click-jacking: Tricking users into clicking on innocent-looking webpages
    • Malvertising: Embedding malware in ad-networks displayed on legitimate, high-traffic sites
    • Spearphishing Sites: Mimicking legitimate institutions to steal login credentials
    • Compromised Legitimate Websites: Hosting embedded malware that spreads to unsuspecting visitors
    • Drive-by Downloads: Exploiting flaws in browser software to install malware by simply visiting a website

    How Hackers Use Trojans

    • Delete or replace operating system's critical files
    • Disable firewalls and antivirus
    • Generate fake traffic to create DoS attacks
    • Record screenshots, audio, and video of victim's PC
    • Use victim's PC for spamming and blasting email messages
    • Download spyware, adware, and malicious files
    • Create backdoors to gain remote access
    • Infect victim's PC as a proxy server for relaying attacks
    • Use victim's PC as a botnet to perform DDoS attacks
    • Steal information such as passwords, security codes, credit card information using keyloggers

    How to Infect Systems Using a Trojan

    • Create a new Trojan packet using a Trojan Horse Construction Kit
    • Create a dropper (part of trojanized packet) that installs malicious code on the target system
    • Example of a Dropper: Installation path: c\windows\system32\svchosts.exe; Autostart: HKLM\Software\Mic.....\run\Iexplorer.exe, Malicious code, Client address: client.attacker.com; Dropzone: dropzone.attacker.com
    • A genuine application (e.g., chess.exe); Wrapper data: Executable file
    • Create a wrapper using wrapper tools to install Trojan on the victim's computer
    • Propagate the Trojan
    • Execute the dropper
    • Execute the damage routine

    Wrappers

    • Bind a Trojan executable with an innocent-looking .EXE application (e.g., games or office applications)
    • When the user runs the wrapped EXE, it installs the Trojan in the background
    • Runs the wrapping application in the foreground
    • Two programs wrapped into a single file
    • Attackers might send a birthday greeting (that secretly installs a Trojan) as the user watches a birthday cake dance across the screen

    Command Shell Trojans

    • Command shell Trojan grants remote control of a command shell on a victim's machine.
    • Trojan server installed on the victim's machine, opens a port for attacker connection
    • Client installed on the attacker's machine to launch a command shell on the victim's machine

    Remote Access Trojans (RAT)

    • Trojan that functions like remote desktop access
    • Hacker gains complete GUI access to the remote system.
    • Attacker gains 100% access to the system
    • Infect (Rebecca's) computer with server.exe and plant Reverse Connecting Trojan
    • Reverse connection to port 80 to attacker

    Botnet Trojans

    • Infects a large number of computers across a geographical area to create a botnet controlled by a Command and Control (C&C) center
    • Botnet is used to launch various attacks, including denial-of-service, spamming, click fraud, and financial information theft.

    Evading Anti-Virus Techniques

    • Break down Trojan file into multiple pieces and zip them as a single file
    • Write your own Trojan and embed it in an application
    • Convert .EXE to VB script; change extension to .DOC.EXE, .PPT.EXE, .PDF.EXE (Windows hides these extensions).
    • Change Trojan content using a hex editor and change checksum/encrypt file
    • Never use Trojans downloaded from the web.

    Viruses

    • Self-replicating program that produces copies by attaching to programs, computer boot sectors, or documents.
    • Commonly transmitted via file downloads, infected disk/flash drives, and email attachments.
    • Virus Characteristics:
      • Infects other programs
      • Alters data
      • Transforms itself
      • Corrupts files and programs
      • Encrypts itself
      • Self-replication

    Stages of a Virus's Life

    • Design: Developing virus code using programming languages or construction kits
    • Replication: Virus replicates within the target system
    • Launch: Virus gets activated by the user
    • Detection: Virus is identified as a threat
    • Incorporation: Antivirus software assimilates defenses against the virus
    • Elimination: Users install antivirus updates and eliminate virus threats

    Why People Create Computer Viruses

    • Inflict damage to competitors
    • Financial benefits
    • Research projects
    • Play pranks
    • Vandalism
    • Cyber terrorism
    • Distribute political messages

    How a Computer Gets Infected by Viruses

    • User accepts files/downloads without checking source
    • Opening infected email attachments
    • Installing pirated software
    • Not updating/installing new versions of plug-ins
    • Not running the latest antivirus application

    Encryption Viruses

    • Virus encrypts code using a different key for each infected file
    • Antivirus scanners cannot directly detect encryption viruses using signature detection.

    Computer Worms

    • Malicious programs that replicate, execute, and spread across networks independently without human interaction
    • Primarily replicate and spread across networks, sometimes carrying a payload to damage the host system.
    • Attackers use worm payloads to install backdoors that turn infected computers into zombies making up a botnet to carry out further attacks

    How a Worm Differs from a Virus

    • Worms replicate on their own and use memory; they cannot attach themselves to other programs.
    • Worms spread through infected networks by taking advantage of file/information transport features.

    Anti-Virus Sensor Systems

    • Collection of computer software that detects and analyzes malicious code, such as viruses, worms, and Trojans.
    • Used along with sheep dip computers

    How to Detect Trojans

    • Scan for suspicious open ports
    • Scan for suspicious startup programs
    • Scan for suspicious running processes
    • Scan for suspicious files and folders
    • Scan for suspicious registry entries
    • Scan for suspicious network activities
    • Scan for suspicious device drivers installed on the computer
    • Scan for suspicious Windows services
    • Run Trojan scanner to detect Trojans

    Trojan Countermeasures

    • Avoid opening email attachments from unknown senders
    • Install patches and security updates
    • Block unnecessary ports
    • Avoid accepting programs transferred via IM
    • Harden weak, default configuration settings
    • Monitor internal network traffic for odd ports/encrypted traffic.
    • Scan CDs/DVDs with antivirus software
    • Restrict permissions/prevent malicious applications installation
    • Avoid blindly typing commands/use scripts beforehand
    • Manage local workstation file integrity, port scanning
    • Avoid downloading/executing applications from untrusted sources
    • Use host-based antivirus, firewall, and intrusion detection software

    Backdoor Countermeasures

    • Ensure that commercial anti-virus products can automatically scan and detect backdoors before they cause damage
    • Educate users not to install applications downloaded from untrusted internet sites/Email attachments
    • Use anti-virus tools (McAfee, Norton) to detect and eliminate backdoors

    Virus and Worm Countermeasures

    • Install antivirus software
    • Pay attention to instructions when downloading files from the Internet
    • Avoid opening attachments from unknown senders
    • Schedule regular scans
    • Generate anti-virus policy
    • Update antivirus software regularly
    • Maintain data backup
    • Do not accept disks/programs without checking them first

    Quiz Team

    Related Documents

    Malware Threats Module 06 PDF

    Description

    Test your knowledge on cybersecurity measures, malware types, and protection tools. This quiz includes questions about anti-virus tools, Trojans, and safe practices for downloading files from the Internet. Enhance your understanding of online security protocols.