Cybersecurity: Understanding Malware Types

Questions and Answers

Which of the following is a characteristic of a virus?

It can activate remotely to launch attacks.

It replicates itself into other executable code. (correct)

It uses legitimate authorizations to exploit systems.

It can spread independently through a network.

Which of these malware types does not require a user to execute an infected file?

Worm (correct)

Virus

Zombie

Trojan horse

What is the primary function of a Trojan horse?

To exploit system vulnerabilities to gain unauthorized access. (correct)

To spread through a network without user interaction.

To activate remotely to launch attacks on other machines.

To replicate itself into other executable files.

Which of the following is a common way worms spread?

By exploiting vulnerabilities in network protocols. (A)

What is the primary purpose of a zombie?

To launch attacks on other systems under remote control. (C)

What is the primary aim of 'Advanced Persistent Threat' (APT) cybercrime?

To disrupt the operations of specific target organizations (A)

Which of these tools are used by hackers to gain root-level access after compromising a computer system?

Rootkits (A)

What is the purpose of 'logic bombs' in malware?

To activate malicious code under specific conditions (D)

Which of the following is NOT a characteristic of 'drive-by-downloads'?

Requires user interaction to download malware (A)

What is the primary function of 'downloaders' in a malware attack?

To install additional malware payloads (D)

Which of these tools is specifically designed to generate custom malware automatically?

Attack kits (B)

Which type of malware uses macro coding to spread itself within documents?

Macro virus (A)

What is the main purpose of 'spyware'?

To monitor user activities and steal sensitive information (C)

Flashcards

Trojan horse

A program that seems useful but has hidden malicious functions.

Virus

Malware that replicates itself into other code when executed.

Worm

A program that runs independently and spreads across networks.

Zombie

A program on an infected machine used to attack others.

Bot

An automated program that performs tasks on the internet.

Advanced Persistent Threat (APT)

Cybercrime targeting specific businesses or political entities, using diverse intrusion methods and malware over time, often by state-sponsored groups.

Adware

Software that displays advertisements or redirects browsers, often integrated into other programs.

Backdoor

A method allowing unauthorized access to a program or system, bypassing normal security checks.

Drive-by-download

Attack using malicious code on a compromised site that exploits browser vulnerabilities to download malware.

Keyloggers

Software or hardware that captures keystrokes from a compromised system to monitor user activity.

Logic bomb

Malicious code that triggers a payload when a specific condition is met, often lying dormant until activated.

Macro virus

A virus that uses macro code embedded in documents to replicate itself when the document is opened or modified.

Spyware

Software that secretly collects information from a computer and transmits it to third parties, often by monitoring user behavior.

Study Notes

Advanced Persistent Threat (APT)

• APT is cybercrime targeting businesses and political targets.
• APT uses various intrusion technologies and malware.
• APT is applied persistently and effectively to specific targets over an extended period.
• APT is often attributed to state-sponsored organizations.

Adware

• Adware integrates advertising into software.
• Adware can create pop-up ads or redirect a browser to commercial sites.

Attack Kit

• Attack kits automatically generate new malware.
• Attack kits use various propagation and payload mechanisms.

Auto-rooter

• Auto-rooters are malicious tools for remote system intrusions.

Backdoor (Trapdoor)

• Backdoors bypass normal security checks.
• Backdoors enable unauthorized access to functionality or a compromised system.

Downloaders

• Downloaders install additional items on compromised systems.
• Downloaders import larger malware packages.

Drive-by-Download

• Drive-by-download attacks use compromised websites.
• Drive-by-download exploits browser vulnerabilities to attack client systems.

Exploits

• Exploits are code targeting specific vulnerabilities.

Flooders (DoS client)

• Flooders generate large data volumes to attack networked systems.
• Flooders execute denial-of-service (DoS) attacks.

Keyloggers

• Keyloggers capture keystrokes on compromised systems.

Logic Bomb

• Logic bombs are code inserted into malware.
• Logic bombs trigger payloads after a defined condition is met.

Macro Virus

• Macro viruses use macro or scripting code.
• Macro viruses are embedded in documents or templates.
• Macro viruses replicate to other documents upon viewing or editing.

Mobile Code

• Mobile code executes with identical semantics across various platforms.

Rootkit

• Rootkits are a set of hacker tools.
• Rootkits provide root-level access after a system breach.

Spammer Programs

• Spammer programs send large volumes of unwanted emails.

Spyware

• Spyware gathers information from computers.
• Spyware transmits data to other systems.
• Spyware monitors keystrokes, screen data, and network traffic.
• Spyware scans files for sensitive information.

Trojan Horse

• Trojan horses appear useful but have hidden malicious functions.
• Trojan horses evade security mechanisms.
• Trojan horses exploit legitimate system authorizations.

Virus

• Viruses replicate themselves into executable machine or script code.
• A virus executes when infected code is executed.

Worm

• Worms can run independently and propagate themselves onto other systems.
• Worms exploit software vulnerabilities or captured credentials.

Zombie, Bot

• Zombies/bots are programs on infected machines.
• Zombies/bots launch attacks on other machines.

20 Questions for Study

1. What are the characteristics of an Advanced Persistent Threat (APT)?
2. How does adware operate?
3. What is the function of an attack kit?
4. What is the purpose of an auto-rooter?
5. Explain the concept of a backdoor.
6. What is the role of a downloader in malware?
7. Describe a drive-by-download attack.
8. What is a specific function of an exploit?
9. How do flooders cause denial-of-service attacks?
10. What is the purpose of a keylogger?
11. Define a logic bomb within a malware context.
12. How does a macro virus function?
13. What are the key features of mobile code designed for heterogeneous environments?
14. What is a rootkit used for in an attack?
15. What do spammer programs do?
16. What is the malicious intent of spyware software?
17. What are the actions of a trojan horse?
18. What is the defining characteristic of a computer virus in how it replicates?
19. What is the independent action of a computer worm?
20. How is a zombie or bot employed in a cyberattack?

Description

This quiz covers various types of malware and cyber threats, including Advanced Persistent Threats, adware, attack kits, and more. Test your knowledge on how these malicious tools operate and their implications for security.