Malicious Software Overview

Questions and Answers

A non-resident virus resides in the computer's memory.

False (B)

Malicious Software is synonymous with the term Malware.

True (A)

A computer worm needs user intervention to spread to other nodes.

False (B)

Resident viruses can attack any file or application on a device.

True (A)

Malicious malware software can be transmitted through viruses, worms, and trojans.

True (A)

Computer viruses are incapable of replicating themselves.

False (B)

Worms can modify existing files on the system.

False (B)

Rootkits are a type of malicious software.

True (A)

The I LOVE YOU virus was written in Python.

False (B)

The Morris Worm was launched in 1988.

True (A)

The Storm Worm was an email worm launched in 2000.

False (B)

Ransomware locks and encrypts a victim's data until a ransom is paid.

True (A)

SQL Slammer utilized traditional methods to distribute itself.

False (B)

Onel de Guzman was a young Filipino responsible for creating the I LOVE YOU virus.

True (A)

Trojan horses can spread other viruses or install a backdoor.

True (A)

Jerusalem was the first known computer worm discovered in 1990.

False (B)

Spyware programs install themselves on the user's computer without their awareness.

True (A)

A rootkit can only spread through physical connection to the computer.

False (B)

Firmware rootkits can be easily detected by standard cybersecurity tools.

False (B)

Memory rootkits reside on a computer's RAM and can affect performance.

True (A)

Application rootkits are benign and do not modify regular files.

False (B)

Rootkits are referred to as the Swiss Army Knives of malware because of their multiple capabilities.

True (A)

System crashes are often a sign of rootkit infections affecting important system components.

True (A)

Uninstalling unnecessary programs can help protect against spyware infections.

True (A)

A computer can be infected with Trojans by opening an email attachment.

True (A)

Adware is considered a highly malicious type of software.

False (B)

Key loggers are a type of Trojan that logs keystrokes to steal personal information.

True (A)

The Trojan horse is always a text file with a .txt extension.

False (B)

Signs of mobile adware can include unexplained data usage and numerous ad pop-ups.

True (A)

Being redirected during internet searches can be a sign of adware infection.

True (A)

Downloading any file from a legitimate website is completely safe from Trojan infections.

False (B)

Adware only affects desktop computers and cannot be found on mobile devices.

False (B)

Software malfunctions such as slowdowns and mysterious settings changes can be signs of a rootkit.

True (A)

A rootkit will always cause your antivirus software to deactivate.

False (B)

Running an anti-rootkit scan is unnecessary if your antivirus is functioning properly.

False (B)

Removing a rootkit may require the reinstallation of cybersecurity software after scanning.

True (A)

Antivirus crashes are a definitive indicator of a rootkit infection.

False (B)

Flashcards are hidden until you start studying

Study Notes

Malicious Software Overview

• Malicious Software (Malware) is any program that causes harm.
• Malware Attacks involve inserting malicious code to disrupt or destroy a system.
• Types of Malware: Viruses, Worms, Trojans, Spyware, Adware, Rootkits.

Computer Virus

• A computer virus self-replicates and attaches to files or programs.
• Virus Activation: Executions occurs when the host file is opened.
• Two types of Viruses: Non-resident and Resident.

Non-Resident Virus

• Non-resident viruses do not reside in computer memory.
• They infect executable files when programs are not running.
• They immediately search for other hosts to infect.
• They transfer control to the infected application program.

Resident Virus

• Resident viruses reside in computer memory.
• They attack any file or application, including antivirus software.
• Sources: Corrupted drives, disks, suspicious links, or downloads.

Worms

• A worm is a self-replicating computer virus.
• Network Propagation: Worms spread through networks without user interaction.
• Impact: They do not delete system files, modify existing files, install Trojans, or capture user credentials.

"I LOVE YOU" Virus

• Common Name: Love Letter.
• Type: Computer worm.
• Operating System: Microsoft Windows.
• Written in: VBScript.
• Responsible: Onel de Guzman, a Filipino programmer.
• Transmission: Email with subject "ILOVEYOU" and attachment "LOVE-LETTER-FOR-YOU.txt.vbs".

Famous Worms

• Jerusalem: The first known computer worm discovered in 1987.
• Morris Worm: Launched in 1988 by Robert Morris to measure the internet size.
• Storm Worm: Launched in 2007 as fake news about a storm wave, targeting popular websites.
• SQL Slammer: A unique worm, it used random IP addresses to spread.
• Botnet: A network of infected computers controlled by an attacker.

Ransomware

• Ransomware encrypts a victim's data, files, devices, or systems.
• Purpose: To demand ransom payment for decryption.

Trojan Horses

• Trojan Horses are disguised as authentic software.
• Trojan Horse Functionality:
  • Erase or overwrite data.
  • Spread other viruses.
  • Establish zombie networks for DDoS attacks or spam.
  • Steal passwords and credit card numbers (key logger).
  • Phish for account details.
  • Destroy data.

Trojan Infection Sources

• Websites: Rogue websites.
• Instant Messaging: Files shared through messengers.
• Email: Attachments in emails.
• SMTP: Trojan horses transmitted via SMTP (Simple Mail Transfer Protocol).
• File Extensions: .exe, .com, .scr, .bat, .pif.

Adware

• Adware: Not inherently malicious but breaches user privacy.
• Purpose: Display advertisements.
• Display Methods: Pop-up windows on desktops or inside programs.
• Mobile Infection: Through apps in entertainment and gaming categories.

Adware Infection Signs

• Unexpected changes in browser homepage.
• Incorrect web page displaying.
• Excessive pop-up ads.
• Slow device performance.
• Device crashing.
• Reduced internet speeds.
• Redirected internet searches.
• New toolbar or browser add-ons appearing.

Mobile Adware Infection Signs

• Slow phone performance.
• Slow app loading.
• Quickly draining battery.
• Unknown apps installed.
• Unexplained data usage.
• Higher-than-expected phone bills.
• Frequent ad pop-ups.

Removing Adware

• Create a data backup.
• Download or update security software.
• Uninstall unused programs.
• Use adware removal and cleanup applications.

Spyware

• Spyware: Monitors user actions and collects personal data.
• Installation: Usually installs itself on the user's computer.
• Purpose: Profit by collecting data without user consent.
• Impact: Steals passwords and personal information.

Spyware Types

• Keystroke Loggers: Record user keystrokes to capture sensitive information.
• Screen Capture Programs: Record screen activity.
• Web Browser History Trackers: Track browsing history.
• Packet Sniffers: Monitor network traffic to intercept sensitive information.
• Cookie Droppers: Inject cookies to capture browsing data.

Rootkit

• Rootkit: A type of malware that alters the operating system's functionality stealthily.
• Purpose: To gain unauthorized control over a computer.

Rootkit Capabilities

• Stealthy: Rootkits can hide from traditional security tools.
• Capable: Rootkits can perform various malicious actions.
• Sneaky: Rootkits can spread through deceptive methods like corrupt downloads, spam emails, and exploit kits.

Rootkit Types

• Bootloader Rootkit: Infects the bootloader to gain control before the operating system loads.
• Firmware Rootkit: Hides in firmware making detection difficult.
• Kernel Rootkit: Infects the operating system's kernel, giving attackers significant control.
• Application Rootkit: Modifies files with rootkit code, providing access when infected files are run.
• Memory Rootkit: Resides in RAM, slowing down the computer and performing malicious tasks.

Rootkit Detection and Removal

• System crashes: Rootkits can cause system crashes.
• Software malfunctions: Slowdowns, settings changes, or browser malfunctions.
• Antivirus crashes: Antivirus software may deactivate due to rootkit presence.
• Anti-rootkit scans: Use specialized tools to detect rootkits.

Tips for Staying Safe

• Install antivirus software: Protect your system from malware.
• Keep software up-to-date: Patches fix vulnerabilities.
• Be cautious about downloads: Only download from trusted sources.
• Beware of suspicious emails: Do not open attachments from unknown senders.
• Use strong passwords: Make it harder for attackers to guess your passwords.
• Enable security features: Use firewalls and other security measures.
• Back up your data: Protect your data from loss.
• Be aware of phishing attempts: Recognize and avoid scams.
• Don't click on suspicious links: Only visit trusted websites.
• Stay informed: Keep up with the latest security threats.