023 Device and Storage Security - 023.3 Malware (weight: 3)

Questions and Answers

What is a key feature of signature-based malware detection?

• It analyzes the behavior of the software.
• It guarantees no false positives.
• It creates unique fingerprints of known malware. (correct)
• It is effective against all types of malware.

Why might it be recommended to reinstall affected systems rather than just removing malware?

• Users prefer a fresh start with their systems.
• Antivirus software can identify all malware effectively.
• Some malware can hide deeply within the system. (correct)
• Reinstallation is usually faster than removing malware.

What is a potential drawback of heuristic malware detection?

• It does not consider the software's purpose.
• It focuses solely on file types.
• It requires current signatures to function.
• It may misclassify benign software as malware. (correct)

What could render a locally installed virus scanner ineffective?

Having outdated virus signatures. (C)

What is a characteristic of advanced malware?

It shows harmful behavior only under certain conditions. (D)

Which statement about false positives in malware detection is true?

They are a common issue in heuristic detection methods. (B)

How do malware scanners typically detect malware?

By using a combination of signature and heuristic methods. (D)

What could lead to malware going undetected?

Malware can be designed to mimic legitimate software. (A)

What is a primary characteristic of malware?

It causes damage upon execution. (D)

Which of the following is NOT a typical consequence of malware?

Increased system performance. (C)

How might malware facilitate data exfiltration?

Granting access to local and network files. (C)

What type of information can be gathered through keylogging?

All keyboard inputs including passwords. (B)

What method might attackers use to exploit address books?

Sending spam and spear-phishing attacks. (C)

What capability does malware offer regarding the camera and microphone?

Monitoring and listening to individuals. (C)

Which of these is a potential use of stolen information from malware attacks?

Blackmailing victims with threat of exposure. (D)

Which of the following best describes the promotion of malware distribution?

Using infected systems to spread malware further. (C)

What is the characteristic feature of a Trojan?

It poses as legitimate software while performing malicious activities. (A)

What typically distinguishes ransomware from other types of malware?

It prevents access to data through encryption and demands a ransom for access. (C)

What method do most viruses use to spread?

Email attachments and infected media. (D)

What is a primary function of adware?

Inserting advertisements in applications and websites. (A)

How do cryptominers typically operate?

Using the computational power of compromised systems to generate cryptocurrencies. (D)

What is a common method used by attackers to maintain access to a compromised system?

Establishing a backdoor or rootkit. (B)

What is often a result of spyware on a system?

It records sensitive information without user knowledge. (B)

Which type of malware requires user interaction for execution?

Virus (C)

What type of threat do remote access tools primarily pose?

They enable unauthorized access to systems over a network. (C)

What is a significant impact of espionage conducted through malware?

Unauthorized access to sensitive personal and business information. (C)

What is an example of how malware might exploit system vulnerabilities?

By utilizing email programs with outdated security. (B)

What action can ransomware perform after encrypting data on a victim's system?

Request payment for the decryption key. (C)

What is a notable feature of a backdoor in the context of malware?

It allows unauthorized remote access. (D)

Which malware category is known for embedding advertising content?

Adware (D)

Study Notes

Malware Overview

• Malware is software designed to cause harm upon execution.
• Common consequences include data encryption, alteration, deletion, unauthorized access, and lasting access for attackers.
• Data collection methods may include keylogging and unauthorized use of microphones and webcams.

Consequences of Malware

• Data Exfiltration: Attackers can access and copy files from local drives, network drives, and cloud services for espionage, ransom, or public disclosure.
• Address Book Compromise: Email and groupware address books can be used for spam, phishing, targeted attacks, and identity theft.
• Keylogging: Capturing all keystrokes, including usernames, passwords, and sensitive information from emails and documents.
• Webcam and Microphone Control: Can surveil individuals, gather private information, and create compromising material.
• Backdoors and Remote Access: Malware may provide continuous access to systems via network backdoors, often disguised as legitimate accounts or services.

Malware Categories

• Viruses: Self-replicating software that spreads through email attachments, removable media, or network shares, exploiting security vulnerabilities.
• Trojan Horses: Misleading software that appears to perform useful tasks while executing malicious functions like file access and deletions.
• Ransomware: Locks access to data through encryption, demanding ransom for recovery, often requiring initial system access via insider actions or vulnerabilities.
• Adware: Integrates advertisements into applications and websites, often disrupting device usability and generating revenue for attackers.
• Cryptominers: Uses compromised systems to perform cryptocurrency calculations, diverting computing power for the attacker’s profit.

Defense Against Malware

• Malware Scanners: Tools that detect and block malicious software, recommended to reset infected systems instead of simply removing malware.
• Signature-based Detection: Compares files against known malware signatures, but may not recognize modified malware or misidentifies benign software as threats.
• Heuristic Detection: Examines software behavior for typical malicious actions, potentially identifying new or altered malware based on operational patterns.

Additional Considerations

• False positives can occur in signature-based systems when legitimate software resembles malware signatures.
• Heuristic methods allow for detection even when malware doesn’t match known signatures, but advanced threats may only trigger malicious behavior under specific conditions.

Description

This quiz covers the essential concepts related to malware and its impact on device and storage security. Participants will learn about different types of malware, how it can affect data, and the implications of a malware attack on systems and networks. Test your knowledge and understanding of this critical security topic.