Malware Threats and Entry Points
60 Questions

Questions and Answers

Malware can only get into a system through removable devices.

False

Social Engineered Click-jacking is a technique where users are tricked into clicking on seemingly harmless webpages.

True

Drive-by Downloads require users to actively download malware from a website.

False

A Trojan can be used to disable a computer's firewall and antivirus software.

True

Ransomware is a type of malware designed to record audio and video from a victim's computer.

False

A wrapper binds a Trojan executable with an innocent looking application, allowing it to install in the background while showing a fake interface.

True

Botnet Trojans can only infect computers within a localized area, limiting their reach.

False

Changing a Trojan's syntax, such as converting an EXE file to VB script, is a technique used to evade anti-virus detection.

True

A Remote Access Trojan allows an attacker to gain complete GUI access to a victim's machine.

True

Viruses are programs that require a user to run them in order to replicate and spread.

True

A virus cannot replicate itself without human interaction.

True

Encryption viruses can be detected directly using standard signature detection methods.

False

Computer worms require user interaction to spread across a network.

False

The incorporation stage of a virus life cycle involves the development of new variants of the virus.

False

Vandalism is one of the reasons people might create computer viruses.

True

Self-replication is a characteristic of computer viruses.

True

Installing pirated software can potentially lead to a computer being infected by viruses.

True

Computer worms can attach themselves to other programs like viruses do.

False

The launch stage of a virus' life cycle occurs when it is activated by the user.

True

Antivirus software can effectively eliminate all types of computer viruses without regular updates.

False

Passive sniffing requires the use of switches to capture all network traffic.

False

Active sniffing techniques can mislead a switch's Content Addressable Memory table.

True

In promiscuous mode, a network interface controller (NIC) can capture traffic intended for all devices on a network segment.

True

Modern networks primarily utilize hubs to send traffic to all connected devices.

False

Sniffing is simply the act of sending packets within a network to observe traffic patterns.

False

Protocols vulnerable to sniffing do not include HTTPS.

True

A hardware protocol analyzer is designed to change the network traffic it captures.

False

Sniffers can operate independently of the upper layers of the OSI model.

True

Keystrokes including user names and passwords are protected when transmitted over Telnet.

False

The initial compromise occurs at the Physical layer of the OSI model.

False

Active wiretapping only monitors and records the traffic without altering it.

False

Wiretapping without a warrant or consent is considered legal in most countries.

False

Lawful interception requires a court order for intercepting data communication.

True

Keysight N2X N5540A is classified as a protocol analyzer hardware.

True

PRISM is a tool designed for monitoring domestic data communication exclusively.

False

Passive wiretapping can alter the content of the communication being monitored.

False

The FLUKE Networks OptiView® XG Network Analyzer is one of the tools used for wiretapping.

False

An access switch/tap is used in lawful interception to monitor data communication.

True

Wiretapping can only be done for traditional telecommunications and not for VoIP.

False

The NSA uses PRISM to wiretap a large volume of domestic internet traffic.

False

A dictionary attack uses a file loaded with potential password combinations to crack user accounts.

True

Rainbow tables are an example of an online attack where the attacker cracks passwords in real-time on the victim's system.

False

Brute forcing attacks attempt every possible password combination until the correct one is found.

True

Default passwords are unique to each individual device and cannot be exploited by attackers.

False

Trojan, spyware, and keylogger attacks involve physically infecting a victim's machine without their knowledge.

True

Password cracking techniques are only used through electronic means.

False

Escalating privileges in system hacking refers to acquiring the rights of another user or an admin.

True

Covering tracks involves creating evidence of compromise.

False

Active online attacks require the attacker to communicate directly with the victim machine.

True

Rootkits are primarily used for password cracking.

False

In a replay attack, an attacker captures packets and authentication tokens and uses them later to gain access.

True

Rainbow table attacks make it extremely difficult to recover passwords from captured hashes.

False

Packet sniffing tools can only capture data over wireless networks.

False

Enabling information security audits is an effective measure against password attacks.

True

Man-in-the-Middle attacks are relatively easy to perpetrate as they do not require trust from any party.

False

Vertical privilege escalation involves assuming the identity of another user with the same privileges.

False

Using a strong password for SYSKEY is recommended to protect the SAM database.

True

Running users and applications on the least privileges is a method to prevent privilege escalation.

True

Monitoring logs for brute force attacks is unnecessary if accounts are locked after multiple incorrect guesses.

False

Encrypting sensitive data can protect it from unauthorized access during privilege escalation attacks.

True

Study Notes

Malware Threats

  • Malware is malicious software that damages or disables systems, or gives its creator control over them for theft or fraud.
  • Examples include Trojan horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

Malware Entry Points

  • Malware can enter systems via instant messenger applications (like IRC), removable devices, email attachments, malicious software disguised as legitimate software, browser/email bugs, NetBIOS (file-sharing), fake programs, untrusted websites/freeware, or downloads from internet sites.

Malware Distribution Techniques

  • Blackhat SEO: Ranking malware pages highly in search results.
  • Malvertising: Embedding malware in legitimate, high-traffic ad networks.
  • Spearphishing: Mimicking legitimate institutions to steal login credentials.
  • Compromised Websites: Hosting malware that spreads to visitors.
  • Drive-by Downloads: Exploiting browser flaws to install malware on web visits.

Trojan Horse Usage by Hackers

  • Trojans allow hackers to delete or replace critical system files.
  • They can disable firewalls and antivirus software.
  • Trojans can also generate fake traffic to mount denial-of-service (DoS) attacks.
  • Recording the victim's screen activity, audio, and video is also possible.
  • Hackers use the victim's PC for spamming, email blasting, and downloading further malicious software.
  • Information theft via keylogging includes passwords, security codes, and credit card data.

Trojan Infections

  • Create a new Trojan packet via Trojan Horse Construction Kit.
  • Create a dropper to install malicious code on the target system.
  • Executable files or applications may be wrapped.
  • Trojans are installed on the victim's machine by a wrapper.
  • The Trojan propagates to other systems.
  • It then executes the damage routine specified beforehand.

Wrappers

  • Bind a Trojan executable to an innocent-looking application (e.g., game, office app).
  • Install the Trojan in the background after the user runs the wrapped application.
  • Two programs can be wrapped into one file, creating confusion for users.
  • Attackers often send birthday greetings or other enticing elements inside the wrapped Trojan.

Command Shell Trojans

  • Provides remote control of a command shell on the victim's machine.
  • The Trojan server is installed, opening a port for the attacker's client to connect.
  • An attacker's client runs a command shell on the victim's machine to launch attacks.

Remote Access Trojans (RATs)

  • This Trojan allows complete remote desktop access.
  • Complete GUI control over the remote system is possible.
  • The attacker gains complete access once the reverse connection is established.
  • Typically employs a server.exe file to infect a system and establish a connection to the attacker.

Botnet Trojans

  • Infects numerous computers forming a botnet.
  • The botnet is controlled by a central command and control (C&C) server.
  • Botnets can be used to launch attacks such as denial of service, spamming, click fraud, or financial data theft.

Evading Antivirus

  • Splitting the Trojan file into multiple pieces and zipping it.
  • Writing a customized Trojan and embedding it into an application.
  • Changing the Trojan's syntax (e.g., converting .EXE to VB script, changing extensions).
  • Modifying the Trojan's content using hex editors to change checksums and encrypt the file.
  • Avoid using Trojans downloaded from the web as antivirus can usually detect them.

Computer Viruses

  • Self-replicating programs that attach to other programs, boot sectors, or documents.
  • Common transmission methods include file downloads, infected media, and email attachments.
  • Virus characteristics include infecting other programs, altering data, corrupting files, transforming itself, encrypting itself, and replicating itself.

Virus Life Cycle

  • Design: Virus code development.
  • Replication: Virus copies itself within the target system.
  • Launch: Triggered by user action.
  • Detection: Antivirus detects the virus.
  • Incorporation: Antivirus learns to fight against the virus and integrates defenses against it.
  • Elimination: Users remove the virus.

Reasons for Creating Viruses

  • Damage to competitors.
  • Financial gain.
  • Research projects.
  • Play pranks.
  • Vandalism.
  • Spreading political messages.
  • Cyber-terrorism.

Virus/Worm Infection

  • Accepting downloaded files without verifying their source.
  • Opening infected email attachments.
  • Installing pirated software.
  • Failure to update or install updated plug-ins.
  • Not having the latest antivirus application installed and running.

Encryption Viruses

  • Simple encryption encrypts the virus code.
  • Using a different encryption key for each infected file makes signature-based antivirus detection difficult.

Computer Worms

  • Self-replicating programs that do not attach to other files.
  • Propagate via network connections independently.
  • Can spread quickly and consume network resources.
  • May include payload to damage the infected system.
  • Attackers create backdoors in infected computers to create zombie armies for further attacks.

Worm vs. Virus

  • Worms replicate independently, while viruses need hosts.
  • Worms leverage network features to spread; viruses usually attach to files.
  • Worms do not need to attach to other programs, whereas viruses often do.

Antivirus Sensor Systems

  • Detects and analyzes malicious threats (e.g., viruses, worms, Trojans).
  • Monitors network traffic, checking for malicious code.
  • Implements various detection mechanisms on different systems.

Detecting Trojans

  • Scan for suspicious open ports.
  • Scan for suspicious startup programs.
  • Scan running processes.
  • Scan for suspicious files and folders.
  • Examine registry entries.
  • Monitor network activities.
  • Look for suspicious device drivers.
  • Check for suspicious Windows services.
  • Execute a Trojan scanner.

Trojan Countermeasures

  • Avoid opening email attachments from strangers.
  • Keep operating systems and applications updated.
  • Block unnecessary ports on firewalls.
  • Use strong and updated password practices.
  • Update virus detection software regularly.
  • Exercise caution when downloading and running applications.

Backdoor Countermeasures

  • Install and regularly update trusted antivirus products.
  • Educate users not to download or run programs from unknown sources.
  • Utilize robust antivirus tools to scan for and remove backdoors.

Quiz Team

Related Documents

System Hacking PDF
Malware Threats - Module 06 PDF
Sniffing - Module 07 PDF

Description

This quiz covers the various types of malware, their entry points, and distribution techniques. Learn how malware can affect systems and the methods used by cybercriminals to infiltrate networks. Test your knowledge on recognizing and preventing these threats.
