1212 Ch9.7-10.2: Malware Types Quiz
25 Questions

Questions and Answers

Which of the following is NOT a common symptom of malware infection?

  • The browser homepage has changed
  • Excessive pop-ups displayed
  • The system shows significantly improved performance (correct)
  • Firewall alerts about program access

What should you do first if you suspect your computer is infected with malware?

  • Initiate a full system scan (correct)
  • Uninstall all antivirus software
  • Disconnect from the internet permanently
  • Delete all suspicious files immediately

Which of the following should you NOT do when dealing with malware warnings?

  • Perform regular system scans
  • Click on suspicious pop-up alerts to learn more (correct)
  • Reconnect to the internet after receiving a malware alert
  • Disconnect your computer from the network if an issue is detected

How can regular system scans help in malware detection?

  • They can detect and fix many problems

What is the role of antivirus software in preventing malware infections?

  • It keeps definition files up to date

Which of these actions can lead to a hoax virus incident?

  • Receiving instructions to delete important system files

What should be done if suspicious outgoing emails are noticed?

  • Check if the computer has a malware infection

What is the first step to take if malware is detected on a system?

  • Stop the malware process if possible

What should be done if the malware process cannot be stopped?

  • Boot into Safe Mode and scan for malware

Why is it important to schedule future anti-malware scans?

  • To keep the system updated with the latest signature files

What is the purpose of re-enabling System Restore after a malware removal?

  • To create a new restore point for future recovery

How do firewalls generally protect systems from attacks?

  • By blocking unauthorized network traffic

What is a characteristic of network firewalls?

  • They are positioned at the network's perimeter

What does the Microsoft Defender Antivirus Firewall protect?

  • A single host system

What is the main purpose of signature files in anti-malware software?

  • To identify specific known threats

Which setting in Windows Defender Firewall allows users to manage app permissions?

  • Allowed apps

How can users ensure their anti-malware software is effective?

  • By regularly updating signature files

What can help prevent future malware infections for users?

  • Educating users about safe internet practices

What is one of the recommended practices for secure file management?

  • Show full file extensions on all files

What is a good practice to enhance computer security beyond using anti-malware software?

  • Keep the operating system and browser up to date

What should be done before copying files to your computer?

  • Scan all files for malware

What should be disabled when previewing or viewing emails to enhance security?

  • Scripts

What is a necessary step to take in highly secured areas regarding removable drives?

  • Remove removable drives to prevent unauthorized access

What is one consequence of using signature-based scanning in anti-malware software?

  • It is unable to detect malware without a matching signature

What functionality does Windows Security provide for users?

  • Information about antivirus status and updates

    Study Notes

    Malware Types

    • Malware is malicious software designed to compromise a system without the user's knowledge.
    • Viruses attempt to damage and replicate on other systems.
      • Replication mechanism usually infects a file and uses it as a host.
      • Distributed when the infected file is distributed.
      • Sometimes attached to executable or other file types (e.g., .doc, .zip).
      • Can be distributed via email attachments.
      • Can be downloaded from malicious or compromised websites.
      • Objective is usually to destroy, compromise, or corrupt data.
      • Activated when triggered (e.g., file execution or opening with associated program).
    • Worms are self-replicating programs.
      • Do not require a host file.
      • Automatically replicate.
      • Spread to other systems on a network.
    • Trojan horses are disguised as legitimate software.
      • Hidden within useful software (e.g., games).
      • Malware is encapsulated within the wrapper.
      • Trojan cannot replicate itself.
      • Spreads manually.
      • May contain malware that turns the infected computer into a zombie (bot).

    Rootkits

    • Rootkits are stealthy malware.
    • Installed in the boot sector of the hard disk drive.
    • Loaded by the BIOS before the operating system.
    • Loads the legitimate operating system.
    • Very difficult to detect and remove.
    • Hides itself from standard anti-malware software.
    • Specialized rootkit detection software may be required.
    • Removal often requires reinstalling the operating system.

    Spyware

    • Spyware intercepts or takes partial control of user interaction with the computer.
    • Usually installed when users visit malicious websites, install infected applications, or open infected attachments.
    • Collects personal information (e.g., internet surfing habits, usernames, passwords).
    • Information is often sent to attackers for personal gain or sale.
    • Some spyware uses cookies to collect information about internet activity.
    • Some may interfere with user control of the computer (e.g., installing unwanted software, changing settings, redirecting web browser activity).

    Adware

    • Adware monitors user actions to identify preferences.
    • Displays advertisements aligned with preferences (e.g., pop-ups).
    • Passive in nature, invading user privacy without permission.
    • Often installed with malicious websites, applications, or attachments.

    Grayware

    • Software that might offer a legitimate service but includes features that are unknown to the user or potentially malicious.
    • Often installed with user permission, sometimes implied.
    • User must opt out to avoid installation.

    Ransomware

    • Ransomware denies access to an infected computer system until a ransom is paid.
    • Often encrypts the hard drive.
    • Prevents access to data.
    • Attacker demands ransom in return for decryption.
    • Attackers may not unencrypt even if the ransom is paid.

    Scareware

    • Scareware fools users into thinking they have malware.
    • Aims to sell fake antivirus software to remove nonexistent malware.

    Crimeware

    • Crimeware facilitates identity theft by gaining access to online financial accounts (e.g., banks).
    • Tools can involve keystroke loggers (which record keystrokes, mouse actions, and screenshots), redirection to fake sites, and stolen cached passwords.

    Spam

    • Spam is unwanted bulk email.
    • Can be benign (selling products) or malicious (phishing scams, malware).
    • Wastes bandwidth and resources.

    Fileless Malware

    • Fileless malware resides only in RAM.
    • Never directly writes to the hard drive.
    • Difficult for anti-malware to detect because no files are stored.
    • Can exploit software vulnerabilities.
    • Eliminated by rebooting the system.

    Malware Protection

    • Most vendors provide products to protect against various types of malware.
    • Malware types include viruses, spyware, ransomware, adware, and spam.
    • Anti-malware software can be installed on individual computers or network servers to scan attachments and files before they reach the end computer.
    • Signature-based scanning systems (definition files) identify known threats. Files on the computer are compared to the signature files.
    • Crucial to keep signature files updated daily to detect new malicious software.
    • Scan all files before copying or running them.
    • Keep operating systems and browsers up-to-date.
    • Implement software policies to prevent downloads from untrusted sources.
    • Disable or remove removable drives (e.g., optical drives, USB drives) to prevent unauthorized software intrusion.
    • Show full file extensions to identify potentially malicious files.

    Malware Detection

    • Common symptoms of a malware infection include:
      • Browser homepages or default search pages changed.
      • Excessive pop-ups or strange messages.
      • Firewall alerts about programs accessing the internet.
      • System errors about corrupt or missing files.
      • File extension associations changed.
      • Files disappearing, being renamed, or corrupted.
      • New icons or toolbars.
      • Antivirus or firewall turned off, or inability to run scans.
      • System boot failure or slowdowns.
      • Unusual running applications or services.
    • It is important to educate users on malware risks and good practices, and to keep definition files up to date.

    Quarantine/Delete Files

    • Quarantine infected files to a secure folder to prevent running/opening.
    • Delete malicious files, but be careful with system files.
    • Regularly review quarantines.

    Suggested Remediation Procedure

    • Identify infection symptoms.
    • Quarantine the infected system.
    • Disable System Restore.
    • Update anti-malware definitions.
    • Scan and remove malware.
    • If necessary, schedule future scans and update signatures automatically.
    • Re-enable System Restore and create new restore points.
    • Educate the user.

    Firewall Types

    • Firewalls control traffic entering/leaving a computer's network interfaces, using access control lists (ACLs).
    • Cannot protect against all attacks.
    • Types:
      • Network firewalls (hardware-based): Positioned at the network perimeter.
      • Host-based firewalls (software-based): Reside on individual hosts (e.g., workstations, servers).

    Microsoft Defender Firewall

    • A software- and host-based firewall.
    • Protects a single host system.
    • Prevents attackers from gaining access to a Windows computer.
    • Configurable via multiple interfaces.
    • Firewall & Network Protection interface: Controls firewall status for various network profiles (e.g., domain, private, public).
    • Allowed Apps interface: Allows or blocks specific applications/ports through the firewall.
    • Advanced Security interface: Configure rules for protocols, ports, addresses, and authentication.

    Event Logs

    • Windows event logs are records of events on a computer.
    • Logs help to troubleshoot problems.
    • Logs exist for different categories (e.g., applications, security, system).
    • Data can be filtered by type, severity, time period.
    • User can create custom views to apply filters.

    Windows Performance Monitor Tools

    • Track computer performance using objects/counters in real-time.
    • Object: A statistic group representing hardware/software.
    • Counter: A specific statistic monitored (e.g., CPU usage, disk activity).
    • Performance Monitor displays data in different forms (e.g., line graphs, histograms, text reports).
    • Data Collector Sets (DCS) save performance data over time.

    Task Manager

    • Provides a snapshot of current system activity.
    • Displays information about running processes, CPU, memory, disk, and network utilization.
    • Allows checking and managing processes.

    Process Explorer

    • Identifies programs with open files/directories and their associated handles/DLLs.
    • Identifies applications and services on the hard drive.
    • Provides statistics on CPU use, committed virtual memory, and I/O throughput.

    Reliability Monitor

    • Tracks computer stability.
    • Maintains historical data about the operating system's stability (stability index).
    • Includes a chart showing system stability over time.
    • Useful for identifying stability issues.

    Action Center

    • Central location for managing system messages and resolving issues.
    • Highlights critical issues and provides notifications of changes in status.
    • Provides recommendations for resolving and correcting problems.
    • Integrates alerts from connected security and maintenance tools (e.g., Windows Update).

    System Information App

    • Displays a comprehensive view of the computer's hardware, components, and software.
    • Includes information about drivers, current components, and other hardware components.

    System Configuration App

    • Used to troubleshoot technical issues and optimise the startup process.
    • Used for configuring startup preferences, viewing/customising Windows setup components, and configuring services.
    • The System Configuration utility does not alter the current state of services immediately.
    • Changes are applied after the system reboots.

    Quiz Team

    Description

    Test your knowledge on different types of malware, including viruses, worms, and Trojan horses. Understand their mechanisms, how they spread, and their potential impact on systems. This quiz challenges your awareness and comprehension of cybersecurity threats.
