Malware Threats and Distribution Methods
Questions and Answers

What type of malware is specifically designed to take control of a computer system for the purpose of theft or fraud?

  • Spyware
  • Worm
  • Adware
  • Trojan Horse (correct)

Which method of malware distribution involves tricking users into clicking on seemingly harmless web pages?

  • Blackhat Search Engine Optimization
  • Social Engineered Click-jacking (correct)
  • Drive-by Downloads
  • Malvertising

What is a common technique hackers use to embed malware in advertisements across legitimate websites?

  • Spearphishing
  • Blackhat SEO
  • Malvertising (correct)
  • Drive-by Downloads

Which step is NOT part of infecting a system using a Trojan?

  Answer: Create a firewall

How can malware commonly enter a system through legitimate software?

  Answer: Shrink-wrapped software packaged by a disgruntled employee

What is the primary function of a wrapper in the context of a Trojan executable?

  Answer: To disguise the Trojan by bundling it with an innocuous application

What allows a Command Shell Trojan to provide remote control over a victim's machine?

  Answer: Deployment of a Trojan server that opens a port for connections

How does a Remote Access Trojan establish communication with an attacker?

  Answer: Through the creation of a direct connection using an established port

What is a common method used by Botnet Trojans to control infected computers?

  Answer: Control via a centralized Command and Control (C&C) center

Which tactic should be avoided to evade detection by anti-virus software?

  Answer: Using Trojans that are available for download from the internet

What is a primary characteristic of a computer virus?

  Answer: Infects other programs

At which stage does a virus get activated?

  Answer: Launch

Which of the following is NOT a reason people create computer viruses?

  Answer: Enhancing system performance

How do encryption viruses evade detection by antivirus software?

  Answer: They encrypt their code with different keys

What differentiates a computer worm from a virus?

  Answer: Worms can replicate independently

What is the first stage in the life cycle of a virus?

  Answer: Design

Which method is commonly exploited to infect computers with viruses?

  Answer: Opening infected email attachments

What is the purpose of antivirus software in the context of viruses?

  Answer: To eliminate virus threats

What is a key characteristic of worms compared to viruses?

  Answer: They primarily replicate and consume resources

Which of the following actions increases the risk of computer virus infection?

  Answer: Not running antivirus applications

Which protocol is known to be vulnerable to sniffing due to sending data in clear text?

  Answer: FTP

At which layer of the OSI model do sniffers primarily operate?

  Answer: Data Link Layer

What type of device captures network signals without altering the traffic?

  Answer: Hardware Protocol Analyzer

Which of the following is NOT a protocol identified as vulnerable to sniffing?

  Answer: TLS

What can be extracted from redirected traffic by an attacker in a sniffing attack?

  Answer: Usernames and passwords

What does a sniffer do in the context of network security?

  Answer: Monitors and captures data packets on the network

What feature is utilized by a sniffer to listen to all transmitted data on its network segment?

  Answer: Promiscuous Mode

Which of the following describes passive sniffing?

  Answer: Monitoring packets without sending additional data

Which active sniffing technique involves overwhelming a switch's memory?

  Answer: MAC Flooding

In a modern network, why is hub usage considered outdated?

  Answer: Hubs send traffic to all ports, allowing easy interception

What is the primary function of a hardware protocol analyzer?

  Answer: To capture, decode, and analyze data packets

Which type of wiretapping involves monitoring and also altering the communication traffic?

  Answer: Active wiretapping

What is required for lawful interception in a communication system?

  Answer: A request for wiretap authorized by a court

What is the primary purpose of PRISM as a wiretapping case study?

  Answer: To collect and process foreign intelligence

What is the difference between active and passive wiretapping?

  Answer: Active wiretapping modifies the traffic while passive does not

Which of the following best describes passive wiretapping?

  Answer: It records data without altering the communications

Which piece of hardware is used for monitoring and analyzing network traffic?

  Answer: Protocol analyzer

What makes wiretapping without consent a criminal act in most countries?

  Answer: It infringes on privacy rights

In the lawful interception process, what role does the service provider play?

  Answer: Sets an access switch/tap on an exchange router

What is the significance of a Central Management Server (CMS) in lawful interception?

  Answer: It stores intercepted data for future access

What is the primary goal of a passive online attack using wire sniffing?

  Answer: To record and analyze raw network traffic

Which of the following is a characteristic of a rainbow table attack?

  Answer: It relies on comparing captured hashes with precomputed hash tables

What is a requirement for successfully executing a replay attack?

  Answer: Trusted access must be established on both sides of the communication

What is a recommended practice to defend against password cracking?

  Answer: Implementing a password change policy every 30 days

Which of the following accurately describes the function of a Man-in-the-Middle (MITM) attack?

  Answer: Attacker captures and modifies messages in transit between two parties

What is the primary goal of escalating privileges during the system hacking stage?

  Answer: To acquire rights of another user or an admin

Which of the following techniques is NOT typically used for hiding files during system hacking?

  Answer: Phishing

Which password cracking technique involves direct interaction with the victim machine?

  Answer: Brute Forcing Attack

What is the illegal practice of accessing someone's passwords using available vulnerabilities in systems referred to as?

  Answer: Active Online Attack

What is a primary characteristic of a dictionary attack?

  Answer: It relies on a list of possible passwords to test against user accounts.

Which method used during system hacking is primarily focused on clearing logs to hide evidence of compromise?

  Answer: Covering Tracks

What is an example of offline attack methods?

  Answer: Trying combinations of passwords using a local copy of a password file.

What is the main approach of a brute forcing attack?

  Answer: Trying every conceivable combination of characters until the password is cracked.

What is a significant challenge with password guessing attacks?

  Answer: High failure rate due to the random nature of potential passwords.

Which step is NOT part of a Trojan/Spyware/Keylogger attack?

  Answer: Sending stolen credentials directly to the victim.

What is the best technique to defend against privilege escalation?

  Answer: Implementing multi-factor authentication

Which type of privilege escalation involves gaining higher privileges than the existing ones?

  Answer: Vertical Privilege Escalation

Which of the following actions could lead to account lockout due to too many incorrect password attempts?

  Answer: Implementing brute force attacks on accounts

What should be avoided when creating strong passwords?

  Answer: Including personal information like birthdays

What does executing malicious applications involve during an attack?

  Answer: Gathering information for exploitation

    Study Notes

    Malware Threats

    • Malware is malicious software designed to damage or disable computer systems. It grants limited or full control to the creator for theft or fraud.
    • Examples of malware include Trojan horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

    Different Ways Malware Enters a System

    • Instant messaging applications (e.g., IRC)
    • Browser and email software bugs
    • Removable devices
    • Attachments
    • Legitimate software (packaged by disgruntled employees)
    • Fake programs
    • Untrusted websites and freeware software
    • Downloading files, games, screensavers from the internet

    Common Techniques for Distributing Malware

    • Blackhat SEO: Ranking malware pages highly in search engine results.
    • Social engineered click-jacking: tricking users into clicking innocent-looking web pages that deliver the malware.
    • Malvertising: Embedding malware in ad networks displayed on legitimate high-traffic sites.
    • Spearphishing: Mimicking legitimate institutions to steal login credentials.
    • Compromised websites: Hosting embedded malware that spreads to unwitting visitors.
    • Drive-by Downloads: Exploiting browser software flaws to install malware just by visiting a website.

    How Hackers Use Trojans

    • Delete or replace critical operating system files.
    • Disable firewalls and antivirus software.
    • Generate fake traffic to create denial-of-service (DoS) attacks.
    • Record screenshots, audio, and video of the victim's PC.
    • Use the victim's PC for spamming and blasting emails.
    • Download spyware, adware, and malicious files.
    • Create backdoors to gain remote access.
    • Infect the victim's PC as a proxy server to relay attacks.
    • Use the victim's PC as a botnet to perform DDoS attacks.
    • Steal information (passwords, security codes, credit cards) using keyloggers.

    How to Infect Systems Using a Trojan

    • Create a new Trojan packet using a Trojan Horse Construction Kit.
    • Create a dropper to install the malicious code onto the target system.
    • Create a wrapper to hide the Trojan.
    • Propagate the Trojan (spread it).
    • Execute the dropper.
    • Execute the damage routine.

    Wrappers

    • Wrappers bundle a Trojan with a seemingly innocent application (e.g., a game or office app) so that running the bundle installs the Trojan as well.
    • The result looks like an ordinary legitimate file (the slide example is a Chess.exe of 110 KB that carries the Trojan inside it).
    • Attackers also deliver wrapped Trojans as deceptive greetings (e.g., an e-card) so the victim runs them willingly.

    Command Shell Trojans

    • Command shell Trojans give the attacker remote control of a command shell on the victim's machine.
    • A Trojan server is installed on the victim's machine and opens a listening port for the attacker's client to connect to.
    • The attacker runs the Trojan client on their own machine, connects to that port, and launches a command shell on the target.

    Remote Access Trojans (RATs)

    • These Trojans act like remote desktop access software.
    • Attackers gain complete GUI access to the remote system.
    • The victim computer is infected with the RAT server component (server.exe), a reverse-connecting Trojan.
    • The Trojan connects outbound to the attacker's machine (port 80 in the slide example, where the attacker is located in Russia); using an outbound web port lets the connection pass firewalls that permit ordinary web traffic.
    • Once connected, the attacker has complete control over the victim's machine.

    Botnet Trojans

    • Botnet Trojans infect multiple computers to create a botnet controlled by a central location (C&C center).
    • Botnets launch denial-of-service attacks, spam campaigns, click fraud, and financial theft.

    Evading Anti-Virus Techniques

    • Breaking the Trojan into multiple pieces and zipping it as a single file.
    • Writing custom Trojans and embedding them into applications.
    • Changing the Trojan's syntax or code structure so that existing signatures no longer match.
    • Altering file content and checksums (using hex editors).
    • Converting executable files to other types (e.g., script files).
    • Never using Trojans downloaded from the internet, since anti-virus products already detect those easily.

    Introduction to Viruses

    • Viruses replicate by attaching themselves to other programs, computer boot sectors, or documents.
    • Viruses spread through downloads, infected disks/flash drives, and email attachments.
    • Virus characteristics include infecting other programs, altering data, transforming themselves, corrupting files/programs, encrypting themselves, and self-replicating.

    Stages of Virus Life

    • Design: the virus is created using programming kits or languages.
    • Replication: the virus replicates within the targeted system.
    • Launch: the virus activates and performs its intended action.
    • Detection: anti-malware software identifies the virus as a threat.
    • Incorporation: anti-malware developers add detection and removal for the virus to their products.
    • Elimination: users update their anti-malware software and eliminate the virus threat.

    Why People Create Computer Viruses

    • Inflict damage to competitors.
    • Financial benefits.
    • Research projects.
    • Cyber terrorism.
    • Play pranks.
    • Vandalism.

    How Computers Get Infected By Viruses

    • Accepting files or downloads without proper verification.
    • Opening infected email attachments.
    • Installing pirated software (unverified).
    • Failing to keep software/plug-ins updated.
    • Not running the latest anti-virus/anti-malware software.

    Encryption Viruses

    • Encryption viruses encrypt their own code, using a different key for each infected file, so the encrypted body looks different in every infection.
    • Signature-based anti-virus scanners cannot match the encrypted body directly; only the short decryption routine remains constant between infections.

    Computer Worms

    • Computer worms are malicious programs that replicate, execute, and spread across networks autonomously.
    • They spread through network connections.
    • Worms may carry a payload (for damage).
    • Some worms use infected computers to create large botnets.

    How Worms Differ from Viruses

    • Worms replicate independently without attaching to other programs, whereas viruses need to attach to a host to spread.
    • Worms use network resources (connections, bandwidth) to spread.

    Anti-Virus Sensor Systems

    • Anti-virus sensor systems detect and analyze malicious code threats (viruses, worms, and Trojans).

    How to Detect Trojans

    • Scan for suspicious open ports.
    • Scan for suspicious startup programs.
    • Scan for suspicious running processes.
    • Scan for suspicious files and folders.
    • Scan for suspicious registry entries.
    • Scan for suspicious network activities.
    • Scan for suspicious device drivers.
    • Scan for suspicious Windows services.
    • Run Trojan scanner to detect Trojans.

    Trojan Countermeasures

    • Avoid opening email attachments from unknown senders.
    • Install security updates for operating systems and applications.
    • Block unnecessary ports and use a firewall.
    • Avoid accepting programs through instant messaging.
    • Harden weak default configuration settings for programs.
    • Monitor internal network traffic for unusual ports or encrypted traffic.
    • Scan CDs and DVDs with antivirus before use.
    • Restrict application permissions.
    • Avoid downloading applications or files from untrusted sources.
    • Maintain local workstation file integrity.
    • Employ anti-virus and intrusion detection software.

    Backdoor Countermeasures

    • Use commercial anti-virus software to automatically scan and detect backdoors.
    • Educate users about safe application installation practices.
    • Use anti-virus tools like McAfee or Norton to detect and eliminate the backdoors.

    Virus and Worms Countermeasures

    • Install effective anti-virus software.
    • Pay attention to download instructions from legitimate sources.
    • Avoid opening attachments from unknown senders.
    • Generate an anti-virus policy for appropriate computing practices.
    • Update antivirus software regularly.
    • Back up data regularly in the event of virus infection.
    • Do not accept disks or programs without verifying their safety.
    • Implement anti-virus software to detect infections.
    • Ensure all executable code complies with organization policy.
    • Do not boot from infected bootable disks.
    • Stay informed about the latest virus threats.
    • Implement internet security policies.
    • Use antivirus/firewall for protection.
    • Be cautious with instant messages.

    Anti-Virus Tools

    • The source lists popular anti-virus tools with their URLs (not reproduced here).

    Related Documents

    System Hacking PDF
    Malware Threats - Module 06 PDF
    Sniffing - Module 07 PDF

    Description

    Explore the various types of malware and the techniques used to distribute them in this quiz. From Trojan horses to spearphishing, learn about the vulnerabilities that malicious software exploits. Understand how malware can penetrate systems and the risks associated with online activities.
