Untitled Quiz

Questions and Answers

What is the primary function of a backdoor Trojan?

  • To allow remote access to a system (correct)
  • To hijack online banking credentials
  • To encrypt files and demand ransom
  • To disable antivirus software

Which type of ransomware locks the user out of their device without encrypting files?

  • Crypto ransomware
  • Scareware
  • Locker ransomware (correct)
  • Phishing ransomware

How do botnets typically infect devices?

  • Via legitimate software updates
  • Through malware downloaded unknowingly (correct)
  • By direct interaction with the botmaster
  • Through physical connections to a network

What is one characteristic of scareware?

  • It pretends to be legitimate software asking for payment (B)

What payment method is commonly used by attackers after a ransomware infection?

  • Cryptocurrency (A)

What role does a command-and-control (C&C) server play in a botnet?

  • It allows the botmaster to control infected devices (D)

What is a primary characteristic that differentiates worms from viruses?

  • Worms exploit vulnerabilities to propagate. (D)

Which type of Trojan specifically targets online banking systems?

  • Banking Trojan (B)

Which type of computer virus is known to infect the boot sector of storage devices?

  • Boot Sector Virus (B)

What is a common outcome for victims who pay the ransom after a ransomware attack?

  • No guarantee of receiving a working decryption key (A)

Which impact is commonly associated with computer viruses affecting business operations?

  • Unauthorized access to sensitive data (D)

What can be a common consequence of data loss due to a malware attack?

  • Financial loss (C)

Which of the following types of malware spreads through documents using macro language?

  • Macro Virus (D)

What is one of the strategies for removing malware from an infected system?

  • Employ dedicated antivirus software. (A)

Which type of virus is designed to change its code slightly, making it difficult to detect?

  • Polymorphic Virus (A)

Which characteristic of malware could potentially lead to performance issues in a system?

  • Increased CPU usage (D)

What is a defining feature of fileless malware?

  • It runs directly from memory without leaving traditional files. (A)

What is a characteristic way that fileless malware conducts its operations?

  • By using built-in system tools like PowerShell. (B)

Which of the following is a common mechanism through which malvertising delivers malware?

  • Exploiting weaknesses in web browsers. (A)

Which type of malware is commonly associated with malvertising?

  • Trojan horses that disguise themselves as legitimate programs. (A)

What is one of the potential impacts of malvertising on businesses?

  • Damage to reputation and financial losses. (C)

Which of the following is NOT a recommended way to prevent malware?

  • Download software from unverified sources. (C)

How does fileless malware maintain persistence after a reboot?

  • By exploiting built-in services or processes. (B)

What is a primary concern for users regarding malvertising?

  • Potential loss of sensitive information. (D)

Flashcards

Malware

Malicious software designed to harm or exploit systems.

Computer Virus

A program that replicates itself and spreads to other computers, often without user knowledge.

Virus Replication

The ability of a virus to make copies of itself and spread to other systems.

Virus Payload

The harmful action a virus performs when activated.

Worm

Self-replicating malware that spreads to other computers without user intervention, using system vulnerabilities.

Virus vs. Worm

Viruses need a host file to spread, while worms exploit vulnerabilities to spread through networks.

File Infector Virus

A virus that attaches itself to executable files and activates when the file is launched.

Macro Virus

A type of virus embedded in documents using macro language.

Fileless Malware

Malware that executes directly in memory without creating files on the disk. It often uses legitimate system tools, making it hard to detect.

Memory-Based Execution

A characteristic of fileless malware; it runs directly from computer memory, not from files on the hard drive.

Legitimate Tools Exploitation

Fileless malware often uses built-in system tools like PowerShell or WMI to operate, disguising its malicious actions.

Malvertising

The practice of spreading malware through online advertisements.

Drive-by Downloads

Automated malware downloads without user interaction, often triggered by visiting malicious websites.

Stealthy Operations

A key characteristic of fileless malware; it operates in a hidden way, not writing files to the disk, which makes detection difficult.

Malware Types

Fileless malware can deliver several types of malware, including ransomware, spyware, adware, and trojans.

Persistence Mechanisms

Some forms of fileless malware can re-establish themselves after a system reboot by exploiting legitimate services or processes.

Backdoor Trojan

A type of Trojan that gives remote access to a system, allowing the attacker to control it.

Banking Trojan

A Trojan specifically designed to steal banking credentials and information.

Ransomware

Malware that encrypts files and demands payment for their release.

Crypto Ransomware

A type of ransomware that encrypts files and demands payment for a decryption key.

Locker Ransomware

Ransomware that locks the user out of the device, but doesn't encrypt files.

Botnet

A network of compromised computers or devices controlled by a single entity (botmaster).

Bot (in a botnet)

Software that allows a malicious actor to control infected devices.

Command-and-Control (C&C) server

Server used by the botmaster to control the infected devices in a botnet.

Study Notes

Network Security Threats

  • Network security threats compromise confidentiality, integrity, and availability of information and systems.
  • Various types of network security threats exist, including malware.

Malware

  • Malware is malicious software intended to harm or exploit systems.
  • Different types of malware exist, including malvertising, viruses, worms, trojans, rootkits, spyware, adware, bots or botnets, and ransomware.

Viruses

  • Viruses are self-replicating programs that spread from one computer to another.
  • They infect software applications, operating systems, and files, often without the user's knowledge.
  • Virus characteristics include replication (making copies of themselves), activation (remaining dormant until a condition is met), and payload (action performed when activated, ranging from displaying messages to damaging/deleting data).

Types of Computer Viruses

  • File Infector Virus: Attaches to executable files, activating when launched.
  • Macro Virus: Embedded in documents (like Word or Excel files) using macro language, spreading when opened.
  • Boot Sector Virus: Infects the boot sector of storage devices and executes each time the computer starts.
  • Polymorphic Virus: Changes its code slightly each time it infects a new host, making detection difficult.
  • Multipartite Virus: Spreads in multiple ways, infecting files and boot sectors simultaneously.

Effects of Computer Viruses

  • Data Loss: Viruses can corrupt or delete files, leading to data loss.
  • Performance Issues: Increased CPU usage or slow system performance due to the virus operating in the background.
  • Unauthorized Access: Viruses can open backdoors for cybercriminals, risking personal and sensitive data.
  • Network Spread: Viruses can propagate through networks, affecting multiple systems connected to the same network.

Worms

  • Worms are a type of malware that self-replicates and spreads to other computers without user intervention.
  • They exploit vulnerabilities in operating systems or applications to propagate across networks.

Key Characteristics of Computer Worms

  • Self-Replication: Worms create copies of themselves and spread to other devices, often across networks.
  • Exploitation of Vulnerabilities: Worms exploit software or operating system vulnerabilities (open ports, unsecured network shares, etc.) to access new systems.
  • Payloads: Some worms carry payloads, performing malicious actions, such as installing backdoors, stealing data, or encrypting files for ransom.
  • Network Propagation: Worms spread quickly across networks, scanning for vulnerable devices and exploiting them.
  • No User Interaction Required: Worms spread autonomously, unlike many types of malware.

Examples of Notable Computer Worms

  • Morris Worm (1988): Initial internet worm, causing significant slowdowns.
  • ILOVEYOU Worm (2000): Spread via email with a deceptive subject line and attachment, causing widespread damage.
  • Conficker (2008): Highly prolific worm that exploited vulnerabilities in Windows systems, creating a large botnet.
  • WannaCry (2017): Ransomware worm that exploited a vulnerability in Windows, encrypting user files and demanding ransom payments in Bitcoin.

Trojans

  • Trojans, disguised as legitimate applications or files, trick users into downloading and executing them.
  • Unlike viruses or worms, Trojans do not self-replicate but rely on user action to unleash their payload.

Key Characteristics of Trojans

  • Deceptive Appearance: Trojans masquerade as harmless software (games, utilities, updates).
  • Payload Delivery: Once executed, Trojans can perform various malicious actions (stealing sensitive information, enabling remote access, downloading additional malware).

Types of Trojans

  • Backdoor Trojans: Allow remote access to a system, enabling attacker control.
  • Banking Trojans: Target financial institutions, compromising online banking credentials.
  • Ransomware: Encrypts files, demanding ransom for decryption (often classified separately).
  • Trojans that Download Other Malware: Designed to install additional malicious software on the system.

Ransomware

  • Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid to the attacker.

How Ransomware Works

  • Infection Vectors: Ransomware spreads via phishing emails, malicious downloads, or vulnerabilities in software.
  • Encryption: The malware encrypts files on the victim's device or network, rendering them inaccessible.
  • Payment and Decryption: Attackers demand payment (often in cryptocurrency), with no guarantee of decryption key provision or file recovery.

Types of Ransomware

  • Crypto Ransomware: Encrypts files, demanding a ransom for the decryption key.
  • Locker Ransomware: Locks the user out of the device or operating system, demanding a ransom.
  • Scareware: Pretends to be legitimate software (often antivirus) and demands payment to remove the non-existent threat.

Botnets

  • Botnets are a network of compromised computers or devices controlled by a single entity (botmaster).
  • "Bot" is short for "robot," referring to the software that allows the malicious actor to control infected devices.

Key Characteristics of Botnets

  • Infection: Devices become part of a botnet through malware (malicious downloads, phishing, exploit kits).
  • Control: Infected devices can be remotely controlled by the botmaster using command-and-control (C&C) servers.

Types of Botnets

  • DDoS (Distributed Denial of Service) Attacks: Overwhelm a target server or network with traffic to disrupt services.
  • Spam Distribution: Sending out massive amounts of spam emails.
  • Data Theft: Harvesting sensitive information (login credentials, financial data).
  • Cryptojacking: Using infected devices to mine cryptocurrencies without the user's consent.

Notable Botnets

  • Mirai: IoT botnet exploiting insecure devices (cameras, routers) to launch massive DDoS attacks.
  • Conficker: Exploited Windows vulnerabilities to create a large botnet, spreading via removable media and network shares.
  • Zeus: Primarily focused on stealing banking credentials, used for various cybercriminal activities.

Adware

  • Adware is advertising-supported software, delivering advertisements automatically.
  • Bundled with free software, adware can display unwanted ads, pop-ups, and redirect web traffic to advertising websites.

Key Points About Adware

  • Functionality: Generates revenue for the developer by displaying ads or tracking user behavior for targeted marketing.
  • Installation: Often bundled with other software, sometimes without the user's explicit consent.
  • Impact: Can slow down the device, consume system resources, and provide an annoying user experience due to constant pop-ups and intrusive ads.
  • Removal: Many antivirus and anti-malware programs can detect and remove adware.

Spyware

  • Spyware collects information about an individual or organization without their knowledge or consent.
  • It monitors user activity, collects sensitive data, and potentially compromises privacy and security.

Spyware Purposes

  • Data Theft: Captures personal information (passwords, credit card numbers).
  • Surveillance: Monitors user behavior (browsing habits, keystrokes).
  • Targeted Advertising: Tracks user behavior to serve targeted ads.
  • Network Exploitation: Takes advantage of vulnerabilities to spread or gain unauthorized access to systems.

Rootkits

  • Rootkits are malicious software tools that allow unauthorized users to gain control over a computer system without being detected.
  • They are designed to hide their presence and the presence of other malicious software.

Types of Rootkits

  • User-mode Rootkits: Operate at the user level, modifying executables, system libraries, or user applications.
  • Kernel-mode Rootkits: Operate at the kernel level of the operating system, offering more extensive control.
  • Bootkits: A subtype of kernel-mode rootkits, embedding in the system's boot process.
  • Firmware Rootkits: Target the firmware of hardware components like BIOS or UEFI.

Fileless Malware

  • Fileless malware operates without creating traditional files on the disk.
  • Instead, it executes directly in memory, exploiting legitimate system tools and processes, making detection more difficult.

Fileless Malware Characteristics

  • Memory-based: Runs directly from memory.
  • Legitimate tools: Leverages built-in system tools (PowerShell, WMI, scripts).
  • Stealthy operations: Avoids file scanning detection methods.
  • Persistence: Uses mechanisms to re-establish operations after a reboot.

Malvertising

  • Malvertising refers to delivering malicious software through online advertising.
  • It can occur when legitimate ad networks unknowingly serve ads that contain malware, or when malicious actors purposefully create and distribute harmful advertisements.

Malvertising Key Points

  • Mechanism: Exploits weaknesses in web browsers or user systems, leading to automatic downloads or redirects.
  • Types of Malware: Can include ransomware, spyware, adware, and trojans.
  • Impact: Has significant negative effects on users, businesses, and advertisers (information loss, financial theft, reputational damage).

Preventing Malware

  • Use antivirus software.
  • Keep software up-to-date.
  • Be cautious with email attachments.
  • Download from trusted sources.
  • Use a firewall.
  • Practice safe browsing.
  • Avoid public Wi-Fi.
  • Regularly back up data.
  • Enable pop-up blockers.
  • Educate yourself and others.
  • Limit user privileges.
  • Check permissions for installed apps.
