Malicious Software and Computer Viruses

Questions and Answers

What is the primary characteristic of a non-resident virus?

• It can only infect files when the host program is running.
• It resides in the computer's memory.
• It infects executable files without needing the programs to be active. (correct)
• It is unable to replicate itself without user intervention.

Which type of malicious software is specifically designed to replicate itself across a network?

• Adware
• Computer virus
• Worm (correct)
• Trojan horse

What distinguishes a resident virus from a non-resident virus?

• Resident viruses utilize the computer's memory to attack files. (correct)
• Resident viruses do not infect executable files.
• Resident viruses cannot replicate themselves.
• Non-resident viruses can only attack anti-virus software.

What is the primary function of malicious software?

To cause harm to a computer system or network. (A)

Which of the following forms of malware can modify or delete system files?

Trojan horse (D)

How do worms typically spread through a network?

Through self-replication across the network nodes. (A)

What is a common source of resident viruses?

Infected backup drives or disks. (D)

Which type of malicious software does NOT typically modify existing files?

Worm (B)

What was the common name given to the I LOVE YOU virus?

Love Letter (C)

Which programming language was used to write the I LOVE YOU virus?

VBScript (A)

Who was responsible for creating and distributing the I LOVE YOU virus?

Onel de Guzman (D)

Which operating system did the Love Letter virus primarily target?

Windows (C)

In what year did the I LOVE YOU virus begin spreading?

2000 (B)

The Morris Worm created significant problems due to which factor?

Bugs in the code (A)

What unique method did the SQL Slammer worm use for distribution?

Random IP address generation (B)

What does ransomware do to a victim's data?

Encrypts it for ransom (D)

What symptoms may indicate the presence of a rootkit on a computer?

Slowdowns and mysterious settings changes (A)

What action should be taken if antivirus software deactivates unexpectedly?

Perform an anti-rootkit scan (C)

Which of the following is a recommended step after performing an anti-rootkit scan?

Reinstall your cybersecurity software (D)

Which issue may NOT be associated with rootkit infections?

System performance enhancement (D)

If continuous slow performance is observed, which malicious software is a likely suspect?

Rootkits (C)

What is the primary function of spyware?

To collect personal data without the user's awareness (B)

Why are rootkits considered dangerous?

They can infect systems without displaying symptoms. (D)

Which type of rootkit infiltrates the bootloader of a computer?

Bootloader rootkit (B)

What is a common way to detect rootkit infections?

Unexpected system crashes (A)

How can a memory rootkit typically be removed?

By restarting the computer (A)

What do firmware rootkits compromise?

The device firmware where malware is typically undetected (C)

Which characteristic is NOT true about rootkits?

They all display clear and immediate symptoms. (D)

What kind of software should be used to remove spyware from a computer?

Adware and cleanup applications (D)

What is a common function of Trojan horses?

Logging keystrokes to steal credentials (D)

How can a user become infected by a Trojan horse?

By visiting a rogue website (B)

Which file extension is typically associated with Trojan horses?

.exe (A)

What is a common symptom of adware infection on a mobile device?

Apps taking longer to load (D)

Which of the following does NOT describe a sign of adware infection?

Increased storage space (C)

What method is typically used for removing adware?

Using legitimate anti-malware software (D)

Which of the following is a characteristic of adware?

Breaches user privacy for malicious purposes (D)

What is NOT a way through which a user can be infected with a Trojan horse?

Vaccinating the system regularly (A)

Study Notes

Malicious Software

• Malicious software or malware, is any malicious program that causes harm to a computer system or network.
• Malware attacks a computer or network in the form of viruses, worms, trojans, spyware, adware or rootkits.

Computer Virus

• Self-replicating malicious software that attaches itself to other files/programs.
• Executes secretly when the host program/file is activated.
• There are two main types of computer viruses: Non-resident and resident

Non-Resident Virus

• Viruses that do not live in the computer’s memory.
• Infect executable files when programs are not running.
• Immediately start searching for other hosts that could be infected, infect them and transfer control to the application program.

Resident Virus

• Latches itself onto the computer’s memory, granting it the freedom to attack any file or application on the device (including anti-virus software).
• Can come from corrupted drives or disks, or from suspicious links or downloads.

Worms

• Self-replicating computer virus.
• Uses a network to send copies of itself to other nodes without user intervention.
• Does not delete system's files, modify existing files, install Trojan horses, record or transmit decrypted passwords, capture super user privileges.

I Love You Virus

• Also known as Love Letter.
• A computer worm that attacked tens of millions of Windows computers on May 6, 2000.
• Spread as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs".
• Created and distributed by Onel de Guzman, a young Filipino computer programmer.

Worms

• Jerusalem: The first known computer worm, discovered in 1987.
• Morris Worm: Launched in 1988 by Robert Morris, a US student who wanted to discover the size of the internet.
• Storm Worm: An email worm launched in 2007.
• SQL Slammer: Unique worm that didn’t utilize traditional distribution methods.

Morris Worm

• Launched a few dozen lines of code with bugs that caused problems on affected hosts.
• Caused thousands of overloaded computers running on UNIX and financial damage between 10millionand10 million and 10millionand100 million.

Storm Worm

• Sent 1.2 billion emails over ten years to create a botnet targeting popular websites.
• Experts believe there are still millions of infected computers.

SQL Slammer

• Generated random IP addresses and sent itself to them hoping they weren't protected by antivirus software.
• Infected over 75,000 computers, unknowingly involved in DDoS attacks on websites.

Ransomware

• Locks and encrypts a victim's data, files, devices or systems.
• Makes them inaccessible until the attacker receives a ransom payment.

Trojan Horses

• Malicious program designed as authentic, real and genuine software.

What Trojans Can Do

• Erase or overwrite data on a computer.
• Spread other viruses or install a backdoor.
• Set up networks of zombie computers to launch DDoS attacks or send spam.
• Logging keystrokes to steal passwords and credit card numbers.
• Phish for account details.
• Destroy data.

How You Can Be Infected By Trojans

• Visiting a rogue website.
• Receiving files through messengers.
• Opening attachments on emails.
• Trojan horses via SMTP.
• Opening bogus web pages.
• Copying a file from someone else.
• Downloading a file.
• Installing a program.

Adware

• Not technically malicious, but breaches user privacy for malicious purposes.
• Displays ads on the computer’s desktop or inside individual programs.
• Can get onto mobile phones through entertainment or gaming apps.

Signs of Adware Infection

• Unexpected changes in your browser home page.
• Web pages not displaying correctly.
• Overwhelmed with pop-up ads.
• Slow device performance.
• Device crashing.
• Reduced internet speeds.
• Redirected internet searches.
• Random appearance of a new toolbar or browser add-on.
• Phone is slow.
• Apps take longer to load.
• Battery drains quickly.
• Unexplained data usage and higher phone bills.
• Numerous ad pop-ups.

How To Remove Adware

• Create a backup of the data.
• Download or update security software.
• Uninstall unused programs.
• Use an adware and cleanup application.

Spyware

• Malware that watches and tracks user actions and collects personal data.
• Installed on the user's computer to provide profit to a third party by collecting data without awareness.
• Steals passwords and personal information by running in the background of the system.

Rootkit

• Malicious software that alters the regular functionality of an OS in a stealthy manner.

Why Rootkits Are So Dangerous

• They’re sneaky: Spread through corrupt downloads, spam emails, and exploit kits.
• They’re stealthy: Don’t display many symptoms.
• They’re capable: Multiple capabilities.

Types of Rootkits

• Bootloader rootkit: Infiltrates bootloader mechanism and infects the computer before the OS is loaded.
• Firmware rootkit: Hides within firmware making it difficult to find.
• Kernel rootkit: Attacks the core component of your computer and gives threat actors control.
• Application rootkit: Modifies files with rootkit code, giving access to the machine every time those files are run.
• Memory rootkit: Resides on RAM and can slow down the device, can be cleared by restarting the computer.

How To Detect and Remove Rootkits

• System crashes.
• Software malfunctions.
• Antivirus crash.
• Try an anti-rootkit scan and reinstall security software.

Description

This quiz covers the essential concepts of malicious software, commonly referred to as malware, and delves into the specifics of computer viruses. It explores the difference between non-resident and resident viruses and how they infect systems. Test your knowledge on this critical topic in computer security.