Malware and Cybercrime

Questions and Answers

What is the primary goal of malware according to NIST 800-83?

• To provide user-friendly interfaces
• To compromise the confidentiality, integrity, or availability of a system (correct)
• To improve the performance of a system
• To provide additional functionality to a system

What is the term for malicious hacker tools used to break into new machines remotely?

• Auto-rooter (correct)
• Backdoor
• Downloader
• Attack Kit

What is the purpose of a downloader in malware?

• To install other items on a machine that is under attack (correct)
• To uninstall malware from a system
• To install malware on a system
• To remove viruses from a system

What type of malware is directed at business and political targets, using a wide variety of intrusion technologies and malware, applied persistently and effectively to specific targets over an extended period?

Advanced persistent threat (C)

What is the term for a mechanism that bypasses a normal security check, allowing unauthorized access to functionality in a program or onto a compromised system?

Backdoor (C)

What is an attack that uses code in a compromised web site to exploit a browser vulnerability and attack a client system when the site is viewed?

Drive-by download (A)

What is a common method used by worms to evade detection?

Polymorphic technique (D)

What is the advantage of using a worm to spread malicious payloads?

They can compromise a large number of systems rapidly (B)

What is a zero-day exploit?

An unknown vulnerability that is only discovered by the general network community when the worm is launched (D)

What is the purpose of metamorphic worms' behavior patterns?

To unleash behavior patterns at different stages of propagation (A)

What was significant about the year 2015 in terms of zero-day exploits?

It was the year when the number of zero-day exploits significantly increased (D)

How do worms typically penetrate systems?

Through exploiting Web servers, browsers, e-mail, and other network-based applications (A)

What is the primary purpose of a flooders?

To generate a large volume of data to attack networked computer systems (D)

What is a typical characteristic of a logic bomb?

It lies dormant until a predefined condition is met (A)

What is the primary function of a spyware?

To collect information from a computer and transmit it to another system (A)

What is a rootkit typically used for?

To set up a hidden backdoor in a computer system (A)

What is the main difference between a macro virus and other types of viruses?

It uses macro or scripting code to replicate itself (B)

What is a zombie or bot?

A computer program that appears to have a useful function but also has a hidden malicious function (B)

What is a type of malware that tries to replicate itself into other executable machine or script code?

Virus (A)

Which type of malware is a computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network?

Worm (D)

What is the primary mechanism by which viruses spread?

Infection of existing content (D)

What is an example of a payload action performed by malware once it reaches a target system?

All of the above (D)

What is the term used to describe the development and deployment of malware that requires considerable technical skill by software authors?

Virus-creation toolkits (D)

Which type of malware is known for its ability to mutate with every infection?

Metamorphic virus (A)

What is the term used to describe a computer worm that uses network connections to spread from system to system?

Network worm (C)

What is the primary mechanism by which worms spread?

Exploit of software vulnerabilities (D)

What is the term used to describe a type of malware that infects documents and uses the macro programming capabilities of the document’s application to execute and propagate?

Macro virus (C)

What is the term used to describe a type of malware that carries some form of payload, such as a virus or Trojan, and uses social engineering tactics to trick users into executing the malware?

Trojan (D)

What was the WannaCry Ransomware attack that spread rapidly in May 2017?

A worm that aggressively scanned both local and remote networks, attempting to exploit a vulnerability in the SMB file sharing service on unpatched Windows systems (D)

What is mobile code according to NIST SP 800-28?

Programs that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics (A)

What is the primary goal of a ransomware attack?

To demand a ransom payment in exchange for recovering encrypted files (B)

What is a backdoor?

A program or utility containing harmful hidden code (B)

What is the primary goal of a phishing attack?

To steal sensitive information by masquerading as a trusted source (B)

What is a rootkit?

A set of hidden programs installed on a system to maintain covert access to that system (C)

What is the ideal solution to the threat of malware?

Prevention through policy, awareness, vulnerability mitigation, and threat mitigation (B)

What is sandbox analysis?

Running potentially malicious code in an emulated sandbox or on a virtual machine to test its behavior (B)

What is a drive-by-download?

Exploiting browser and plugin vulnerabilities to download and install malware on a system without the user's knowledge or consent (C)

What is the primary goal of a spyware?

To monitor the compromised machine to allow monitoring of a wide range of activity on the system (B)