Chapter 3 - Malicious Code / Chapter 4 - Social Engineering and Password Attacks

Questions and Answers

What is a common characteristic of fileless attacks?

They operate entirely within memory. (correct)

They require user intervention to spread.

They rely on local file storage.

They always leave behind visible files.

Which of the following is crucial for preventing fileless attacks?

Using outdated software.

Limiting the use of scripting tools.

Restricting network access.

Keeping browsers and plug-ins up to date. (correct)

What is an indicator of compromise (IoC) related to viruses?

The number of user clicks on a suspicious link.

A specific Registry entry from a fileless attack. (correct)

The size of a virus executable file.

A screenshot of a virus on a user’s screen.

Which infection method do fileless viruses primarily depend on?

Exploit vulnerabilities in applications.

What is a primary strategy for mitigating viruses?

Awareness about suspicious files.

How can most fileless viruses be detected and stopped?

Through anomalous behavior detection by antimalware tools.

What is a common misconception about fileless attacks?

They always leave behind artifacts on disk.

What is an effective way to remove a virus that has infected a system?

Use antimalware tools or specialized utilities.

Which type of malware is specifically designed to gather user information without their consent?

Spyware

What could cause different antivirus vendors to report varied names for the same malware sample?

Different vendors use different naming conventions for malware.

When investigating a potential keylogger, what type of data is most likely to have been compromised?

All keyboard input entered by the user

If a company system displays a ransom demand and claims data has been encrypted, what type of malware is most likely involved?

Ransomware

If an antimalware scan does not detect any malware but there are indications of infection, what is the best next step?

Use a different machine to scan the hard drive.

What is one of the primary motivations behind the creation and deployment of spyware?

To steal financial information

To distinguish between spyware and bloatware, which characteristic is unique to spyware?

Involves user tracking

Which mitigation strategy is least effective against spyware infections?

Avoiding all internet browsing

Which type of virus remains in memory while the system is running?

Memory-resident virus

What differentiates bloatware from spyware?

Spyware intends to gather user information

Which of the following methods is commonly used for a virus to spread?

Infection mechanisms like thumb drives

What is a common characteristic of fileless virus attacks?

They leave no trace on the hard drive

Which type of virus executes, spreads, and then shuts down?

Non-memory-resident virus

What form can email viruses take to spread?

Attachments or email flaws

What type of virus uses macros to spread within word processing software?

Macro virus

What is the primary purpose of spyware?

To gather information about users and networks

Which indicator would most likely suggest the presence of a keylogger on a system?

Abnormal keystroke logging activity

Which method is most effective at mitigating malware attacks?

Employing strong antivirus and antimalware tools

What is a common characteristic of computer viruses?

They require user action to activate and spread.

Which of the following malware types can remain hidden within a system by using rootkits?

Trojan horses

What distinguishes a logic bomb from other types of malware?

It activates based on specific conditions.

Which of the following strategies is least effective in identifying spyware?

Reviewing user permissions and access levels

What type of malware is set to activate under specific conditions, such as a user leaving a company?

A logic bomb

Which method is the most effective for ensuring complete removal of malware from a system?

Wipe the drive and reinstall from known good media

What is the primary distinction between a virus and a worm in terms of their behavior?

How they spread

When analyzing potentially malicious Python code, what should be the first step?

Open the file using a text editor to review the code

Which preventive measure is most effective against the installation of Trojans?

Installing patches for known vulnerabilities

If a vulnerability in WordPress is exploited over the network, what type of malware is most likely involved?

A worm

Which type of malware is primarily designed to steal personal information without the user’s consent?

Spyware

Which characteristic distinguishes spyware from bloatware?

Purpose of installation

Study Notes

Fileless Attacks

• Fileless attacks inject malware directly into system memory, avoiding traditional file storage.
• Malicious activity includes establishing persistent mechanisms to reinfect systems at reboot, often through Registry entries.
• Vulnerabilities in browsers and plug-ins are exploited, making up-to-date software crucial for prevention.
• Antimalware tools can detect unusual behaviors from tools like PowerShell, aiding in stopping fileless viruses.
• Network-level defenses, like IPSs and reputation systems, can prevent accessing known malicious sites.
• Indicators of Compromise (IoCs) can be sourced from threat feeds such as VirusTotal.

Types of Viruses

• Memory-resident viruses: Operate while the system is running.
• Non-memory-resident viruses: Spread and shut down after execution.
• Boot sector viruses: Located in the boot sector of drives.
• Macro viruses: Use macros in applications like word processors to spread.
• Email viruses: Spread through email attachments or flaws in email clients.

Malware Characteristics

• Computer viruses copy and replicate upon activation and require specific infection mechanisms.
• Viruses consist of triggers and payloads, with various types existing based on their behavior and spread.
• Ransomware: Encrypts victim files and demands ransom payment in cryptocurrency.
• Trojans: Disguised as legitimate software, they perform malicious actions post-download.
• Worms: Self-replicating malware that spreads through networks; unlike viruses, they do not require user action.
• Spyware: Gathers user, system, and network information, often sending it to remote entities.
• Keyloggers: A type of spyware that tracks keystrokes, available in both software and hardware forms.
• Rootkits: Maintain access to a compromised system and conceal malicious actions, often countering security measures.
• Logic bombs: Execute under specific conditions, requiring source code reviews for identification.

Malware Detection and Removal

• Awareness and education help prevent user activation of viruses.
• Various antimalware tools exist to detect and prevent infections, both in-memory and on-disk.
• Removal methods range from simple antimalware scans to more extensive actions depending on the virus type.
• Bloatware: Unwanted software, often pre-installed, whose primary aim is not data gathering like spyware.

Security Best Practices

• Keeping software updated is essential to prevent malware exploitation.
• Analyzing code suspected of being malicious can be done through decompilation or text review.
• Ransomware detection typically involves identifying encryption messages demanding payments.
• The difference between worms and viruses lies primarily in their spreading mechanisms.

Security+ Exam Relevance

• Topics include identifying and mitigating various types of malware (spyware, bloatware, ransomware, etc.).
• Understanding the nuances between similar malware types is key for effective cybersecurity practices.
• Exam scenarios may include identifying stolen data types, malware characteristics, or removal strategies.

Description

Test your knowledge on fileless malware techniques and persistence methods. This quiz covers how such malware operates without leaving traditional traces on storage devices, relying instead on memory residency and system manipulation. Discover the mechanisms used to reinfect systems and understand how malicious activities are conducted in modern cybersecurity.