Untitled Quiz
24 Questions

Questions and Answers

What is the primary function of a backdoor Trojan?

  • To allow remote access to a system (correct)
  • To hijack online banking credentials
  • To encrypt files and demand ransom
  • To disable antivirus software

Which type of ransomware locks the user out of their device without encrypting files?

  • Crypto ransomware
  • Scareware
  • Locker ransomware (correct)
  • Phishing ransomware

How do botnets typically infect devices?

  • Via legitimate software updates
  • Through malware downloaded unknowingly (correct)
  • By direct interaction with the botmaster
  • Through physical connections to a network

What is one characteristic of scareware?

  • It pretends to be legitimate software asking for payment

What payment method is commonly used by attackers after a ransomware infection?

  • Cryptocurrency

What role does a command-and-control (C&C) server play in a botnet?

  • It allows the botmaster to control infected devices

What is a primary characteristic that differentiates worms from viruses?

  • Worms exploit vulnerabilities to propagate.

Which type of Trojan specifically targets online banking systems?

  • Banking Trojan

Which type of computer virus is known to infect the boot sector of storage devices?

  • Boot Sector Virus

What is a common outcome for victims who pay the ransom after a ransomware attack?

  • No guarantee of receiving a working decryption key

Which impact is commonly associated with computer viruses affecting business operations?

  • Unauthorized access to sensitive data

What can be a common consequence of data loss due to a malware attack?

  • Financial loss

Which of the following types of malware spreads through documents using macro language?

  • Macro Virus

What is one of the strategies for removing malware from an infected system?

  • Employ dedicated antivirus software.

Which type of virus is designed to change its code slightly, making it difficult to detect?

  • Polymorphic Virus

Which characteristic of malware could potentially lead to performance issues in a system?

  • Increased CPU usage

What is a defining feature of fileless malware?

  • It runs directly from memory without leaving traditional files.

What is a characteristic way that fileless malware conducts its operations?

  • By using built-in system tools like PowerShell.

Which of the following is a common mechanism through which malvertising delivers malware?

  • Exploiting weaknesses in web browsers.

Which type of malware is commonly associated with malvertising?

  • Trojan horses that disguise themselves as legitimate programs.

What is one of the potential impacts of malvertising on businesses?

  • Damage to reputation and financial losses.

Which of the following is NOT a recommended way to prevent malware?

  • Download software from unverified sources.

How does fileless malware maintain persistence after a reboot?

  • By exploiting built-in services or processes.

What is a primary concern for users regarding malvertising?

  • Potential loss of sensitive information.

    Study Notes

    Network Security Threats

    • Network security threats compromise confidentiality, integrity, and availability of information and systems.
    • Various types of network security threats exist, including malware.

    Malware

    • Malware is malicious software intended to harm or exploit systems.
    • Different types of malware exist, including malvertising, viruses, worms, trojans, rootkits, spyware, adware, bots or botnets, and ransomware.

    Viruses

    • Viruses are self-replicating programs that spread from one computer to another.
    • They infect software applications, operating systems, and files, often without the user's knowledge.
    • Virus characteristics include replication (making copies of themselves), activation (remaining dormant until a condition is met), and payload (action performed when activated, ranging from displaying messages to damaging/deleting data).

    Types of Computer Viruses

    • File Infector Virus: Attaches to executable files, activating when launched.
    • Macro Virus: Embedded in documents (like Word or Excel files) using macro language, spreading when opened.
    • Boot Sector Virus: Infects the boot sector of storage devices and executes each time the computer starts.
    • Polymorphic Virus: Changes its code slightly each time it infects a new host, making detection difficult.
    • Multipartite Virus: Spreads in multiple ways, infecting files and boot sectors simultaneously.

    Effects of Computer Viruses

    • Data Loss: Viruses can corrupt or delete files, leading to data loss.
    • Performance Issues: Increased CPU usage or slow system performance due to the virus operating in the background.
    • Unauthorized Access: Viruses can open backdoors for cybercriminals, risking personal and sensitive data.
    • Network Spread: Viruses can propagate through networks, affecting multiple systems connected to the same network.

    Worms

    • Worms are a type of malware that self-replicates and spreads to other computers without user intervention.
    • They exploit vulnerabilities in operating systems or applications to propagate across networks.

    Key Characteristics of Computer Worms

    • Self-Replication: Worms create copies of themselves and spread to other devices, often across networks.
    • Exploitation of Vulnerabilities: Worms exploit software or operating system vulnerabilities (open ports, unsecured network shares, etc.) to access new systems.
    • Payloads: Some worms carry payloads, performing malicious actions, such as installing backdoors, stealing data, or encrypting files for ransom.
    • Network Propagation: Worms spread quickly across networks, scanning for vulnerable devices and exploiting them.
    • No User Interaction Required: Worms spread autonomously, unlike many types of malware.

    Examples of Notable Computer Worms

    • Morris Worm (1988): Initial internet worm, causing significant slowdowns.
    • ILOVEYOU Worm (2000): Spread via email with a deceptive subject line and attachment, causing widespread damage.
    • Conficker (2008): Highly prolific worm that exploited vulnerabilities in Windows systems, creating a large botnet.
    • WannaCry (2017): Ransomware worm that exploited a vulnerability in Windows, encrypting user files and demanding ransom payments in Bitcoin.

    Trojans

    • Trojans, disguised as legitimate applications or files, trick users into downloading and executing them.
    • Unlike viruses or worms, Trojans do not self-replicate but rely on user action to unleash their payload.

    Key Characteristics of Trojans

    • Deceptive Appearance: Trojans masquerade as harmless software (games, utilities, updates).
    • Payload Delivery: Once executed, Trojans can perform various malicious actions (stealing sensitive information, enabling remote access, downloading additional malware).

    Types of Trojans

    • Backdoor Trojans: Allow remote access to a system, enabling attacker control.
    • Banking Trojans: Target financial institutions, compromising online banking credentials.
    • Ransomware: Encrypts files, demanding ransom for decryption (often classified separately).
    • Trojans that Download Other Malware: Designed to install additional malicious software on the system.

    Ransomware

    • Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid to the attacker.

    How Ransomware Works

    • Infection Vectors: Ransomware spreads via phishing emails, malicious downloads, or vulnerabilities in software.
    • Encryption: The malware encrypts files on the victim's device or network, rendering them inaccessible.
    • Payment and Decryption: Attackers demand payment (often in cryptocurrency), with no guarantee of decryption key provision or file recovery.

    Types of Ransomware

    • Crypto Ransomware: Encrypts files, demanding a ransom for the decryption key.
    • Locker Ransomware: Locks the user out of the device or operating system, demanding a ransom.
    • Scareware: Pretends to be legitimate software (often antivirus) and demands payment to remove the non-existent threat.

    Botnets

    • A botnet is a network of compromised computers or devices controlled by a single entity (the botmaster).
    • "Bot" is short for "robot," referring to the software that allows the malicious actor to control infected devices.

    Key Characteristics of Botnets

    • Infection: Devices become part of a botnet through malware (malicious downloads, phishing, exploit kits).
    • Control: Infected devices can be remotely controlled by the botmaster using command-and-control (C&C) servers.

    Uses of Botnets

    • DDoS (Distributed Denial of Service) Attacks: Overwhelm a target server or network with traffic to disrupt services.
    • Spam Distribution: Sending out massive amounts of spam emails.
    • Data Theft: Harvesting sensitive information (login credentials, financial data).
    • Cryptojacking: Using infected devices to mine cryptocurrencies without the user's consent.

    Notable Botnets

    • Mirai: IoT botnet exploiting insecure devices (cameras, routers) to launch massive DDoS attacks.
    • Conficker: Exploited Windows vulnerabilities to create a large botnet; spread via removable media and network shares.
    • Zeus: Primarily focused on stealing banking credentials, used for various cybercriminal activities.

    Adware

    • Adware is advertising-supported software, delivering advertisements automatically.
    • Bundled with free software, adware can display unwanted ads, pop-ups, and redirect web traffic to advertising websites.

    Key Points About Adware

    • Functionality: Generates revenue for the developer by displaying ads or tracking user behavior for targeted marketing.
    • Installation: Often bundled with other software, sometimes without the user's explicit consent.
    • Impact: Can slow down the device, consume system resources, and provide an annoying user experience due to constant pop-ups and intrusive ads.
    • Removal: Many antivirus and anti-malware programs can detect and remove adware.

    Spyware

    • Spyware collects information about an individual or organization without their knowledge or consent.
    • It monitors user activity, collects sensitive data, and potentially compromises privacy and security.

    Spyware Purposes

    • Data Theft: Captures personal information (passwords, credit card numbers).
    • Surveillance: Monitors user behavior (browsing habits, keystrokes).
    • Targeted Advertising: Tracks user behavior to serve targeted ads.
    • Network Exploitation: Takes advantage of vulnerabilities to spread or gain unauthorized access to systems.

    Rootkits

    • Rootkits are malicious software tools that allow unauthorized users to gain control over a computer system without being detected.
    • They are designed to hide their presence and the presence of other malicious software.

    Types of Rootkits

    • User-mode Rootkits: Operate at the user level, modifying executables, system libraries, or user applications.
    • Kernel-mode Rootkits: Operate at the kernel level of the operating system, offering more extensive control.
    • Bootkits: A subtype of kernel-mode rootkits, embedding in the system's boot process.
    • Firmware Rootkits: Target the firmware of hardware components like BIOS or UEFI.

    Fileless Malware

    • Fileless malware operates without creating traditional files on the disk.
    • Instead, it executes directly in memory, exploiting legitimate system tools and processes, making detection more difficult.

    Fileless Malware Characteristics

    • Memory-based: Runs directly from memory.
    • Legitimate tools: Leverages built-in system tools (PowerShell, WMI, scripts).
    • Stealthy operations: Avoids file scanning detection methods.
    • Persistence: Uses mechanisms to re-establish operations after a reboot.

    Malvertising

    • Malvertising refers to delivering malicious software through online advertising.
    • It can occur when legitimate ad networks unknowingly serve ads that contain malware, or when malicious actors purposefully create and distribute harmful advertisements.

    Malvertising Key Points

    • Mechanism: Exploits weaknesses in web browsers or user systems, leading to automatic downloads or redirects.
    • Types of Malware: Can include ransomware, spyware, adware, and trojans.
    • Impact: Has significant negative effects on users, businesses, and advertisers (information loss, financial theft, reputational damage).

    Preventing Malware

    • Use antivirus software.
    • Keep software up-to-date.
    • Be cautious with email attachments.
    • Download from trusted sources.
    • Use a firewall.
    • Practice safe browsing.
    • Avoid public Wi-Fi.
    • Regularly back up data.
    • Enable pop-up blockers.
    • Educate yourself and others.
    • Limit user privileges.
    • Check permissions for installed apps.
