Malware and Cybercrime

Questions and Answers

What is the primary goal of malware according to NIST 800-83?

To provide user-friendly interfaces

To compromise the confidentiality, integrity, or availability of a system (correct)

To improve the performance of a system

To provide additional functionality to a system

What is the term for malicious hacker tools used to break into new machines remotely?

Auto-rooter (correct)

Backdoor

Downloader

Attack Kit

What is the purpose of a downloader in malware?

To install other items on a machine that is under attack (correct)

To uninstall malware from a system

To install malware on a system

To remove viruses from a system

What type of malware is directed at business and political targets, using a wide variety of intrusion technologies and malware, applied persistently and effectively to specific targets over an extended period?

Advanced persistent threat

What is the term for a mechanism that bypasses a normal security check, allowing unauthorized access to functionality in a program or onto a compromised system?

Backdoor

What is an attack that uses code in a compromised web site to exploit a browser vulnerability and attack a client system when the site is viewed?

Drive-by download

What is a common method used by worms to evade detection?

Polymorphic technique

What is the advantage of using a worm to spread malicious payloads?

They can compromise a large number of systems rapidly

What is a zero-day exploit?

An unknown vulnerability that is only discovered by the general network community when the worm is launched

What is the purpose of metamorphic worms' behavior patterns?

To unleash behavior patterns at different stages of propagation

What was significant about the year 2015 in terms of zero-day exploits?

It was the year when the number of zero-day exploits significantly increased

How do worms typically penetrate systems?

Through exploiting Web servers, browsers, e-mail, and other network-based applications

What is the primary purpose of a flooders?

To generate a large volume of data to attack networked computer systems

What is a typical characteristic of a logic bomb?

It lies dormant until a predefined condition is met

What is the primary function of a spyware?

To collect information from a computer and transmit it to another system

What is a rootkit typically used for?

To set up a hidden backdoor in a computer system

What is the main difference between a macro virus and other types of viruses?

It uses macro or scripting code to replicate itself

What is a zombie or bot?

A computer program that appears to have a useful function but also has a hidden malicious function

What is a type of malware that tries to replicate itself into other executable machine or script code?

Virus

Which type of malware is a computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network?

Worm

What is the primary mechanism by which viruses spread?

Infection of existing content

What is an example of a payload action performed by malware once it reaches a target system?

All of the above

What is the term used to describe the development and deployment of malware that requires considerable technical skill by software authors?

Virus-creation toolkits

Which type of malware is known for its ability to mutate with every infection?

Metamorphic virus

What is the term used to describe a computer worm that uses network connections to spread from system to system?

Network worm

What is the primary mechanism by which worms spread?

Exploit of software vulnerabilities

What is the term used to describe a type of malware that infects documents and uses the macro programming capabilities of the document’s application to execute and propagate?

Macro virus

What is the term used to describe a type of malware that carries some form of payload, such as a virus or Trojan, and uses social engineering tactics to trick users into executing the malware?

Trojan

What was the WannaCry Ransomware attack that spread rapidly in May 2017?

A worm that aggressively scanned both local and remote networks, attempting to exploit a vulnerability in the SMB file sharing service on unpatched Windows systems

What is mobile code according to NIST SP 800-28?

Programs that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics

What is the primary goal of a ransomware attack?

To demand a ransom payment in exchange for recovering encrypted files

What is a backdoor?

A program or utility containing harmful hidden code

What is the primary goal of a phishing attack?

To steal sensitive information by masquerading as a trusted source

What is a rootkit?

A set of hidden programs installed on a system to maintain covert access to that system

What is the ideal solution to the threat of malware?

Prevention through policy, awareness, vulnerability mitigation, and threat mitigation

What is sandbox analysis?

Running potentially malicious code in an emulated sandbox or on a virtual machine to test its behavior

What is a drive-by-download?

Exploiting browser and plugin vulnerabilities to download and install malware on a system without the user's knowledge or consent

What is the primary goal of a spyware?

To monitor the compromised machine to allow monitoring of a wide range of activity on the system