1212 Ch9.7-10.2: Malware Types Quiz

Questions and Answers

Which of the following is NOT a common symptom of malware infection?

• The browser homepage has changed
• Excessive pop-ups displayed
• The system shows significantly improved performance (correct)
• Firewall alerts about program access

What should you do first if you suspect your computer is infected with malware?

• Initiate a full system scan (correct)
• Uninstall all antivirus software
• Disconnect from the internet permanently
• Delete all suspicious files immediately

Which of the following should you NOT do when dealing with malware warnings?

• Perform regular system scans
• Click on suspicious pop-up alerts to learn more (correct)
• Reconnect to the internet after receiving a malware alert
• Disconnect your computer from the network if an issue is detected

How can regular system scans help in malware detection?

They can detect and fix many problems (B)

What is the role of antivirus software in preventing malware infections?

It keeps definition files up to date (D)

Which of these actions can lead to a hoax virus incident?

Receiving instructions to delete important system files (D)

What should be done if suspicious outgoing emails are noticed?

Check if the computer has a malware infection (C)

What is the first step to take if malware is detected on a system?

Stop the malware process if possible (A)

What should be done if the malware process cannot be stopped?

Boot into Safe Mode and scan for malware (D)

Why is it important to schedule future anti-malware scans?

To keep the system updated with the latest signature files (B)

What is the purpose of re-enabling System Restore after a malware removal?

To create a new restore point for future recovery (D)

How do firewalls generally protect systems from attacks?

By blocking unauthorized network traffic (A)

What is a characteristic of network firewalls?

They are positioned at the network's perimeter (A)

What does the Microsoft Defender Antivirus Firewall protect?

A single host system (C)

What is the main purpose of signature files in anti-malware software?

To identify specific known threats (D)

Which setting in Windows Defender Firewall allows users to manage app permissions?

Allowed apps (B)

How can users ensure their anti-malware software is effective?

By regularly updating signature files (C)

What can help prevent future malware infections for users?

Educating users about safe internet practices (D)

What is one of the recommended practices for secure file management?

Show full file extensions on all files (B)

What is a good practice to enhance computer security beyond using anti-malware software?

Keep the operating system and browser up to date (A)

What should be done before copying files to your computer?

Scan all files for malware (C)

What should be disabled when previewing or viewing emails to enhance security?

Scripts (D)

What is a necessary step to take in highly secured areas regarding removable drives?

Remove removable drives to prevent unauthorized access (C)

What is one consequence of using signature-based scanning in anti-malware software?

It is unable to detect malware without a matching signature (A)

What functionality does Windows Security provide for users?

Information about antivirus status and updates (D)

Flashcards

Malware Symptoms

Indicators that a computer system might be infected with malicious software.

Malware Infection Signs

Common issues like modified browser settings, excessive pop-ups, firewall alerts, and error messages.

Anti-malware Importance

The crucial role of anti-malware software in securing computer systems.

Regular System Scans

Scheduled checks to detect and address potential issues on a computer system.

Disconnect for Infected Systems

The need to disconnect a suspected infected computer from the network to prevent further spread of the malware.

Hoax Virus Warning

A false virus alert that directs you to take actions harming your system.

File Scanning

The process of checking files for malicious contents before executing.

Signature-based scanning

Anti-malware method that identifies known threats using signature files, which contain patterns of malicious code.

Signature files

Files containing patterns of known malicious code used by anti-malware software to identify threats.

Anti-malware updates

Regular downloads of new signature files and software updates to protect against emerging threats.

Double file extensions

Malicious files disguised as harmless ones by using two extensions (e.g., .txt.exe).

How to check security status

Use Windows Security app to check antivirus, automatic updates, and firewall status.

Disable scripts in emails

A precaution to prevent malicious scripts from running when previewing emails.

Network server anti-malware

Protecting a network by installing anti-malware software on the server to scan incoming files and attachments.

Host system anti-malware

Protecting an individual computer by installing anti-malware software that scans the entire system.

Software policies for downloads

Implementing rules to limit downloading software from the internet to reduce potential threats.

What is a firewall?

A digital barrier that controls network traffic in and out of a computer. It uses rules to block unauthorized connections.

What is an access control list (ACL)?

A set of rules used by a firewall to determine which network traffic is allowed or blocked.

Network Firewall

Implemented using hardware, positioned at the network's perimeter to protect the entire network.

Host-based Firewall

Implemented as software, installed on individual computers within a network.

Microsoft Defender Firewall

A host-based firewall in Windows operating systems that protects individual computers from internet or network threats.

Firewall & network protection

The main interface for managing the Microsoft Defender Firewall, allowing you to turn the firewall on or off for different network profiles.

Allowed apps

A section of the firewall settings where you can specify which apps and ports are allowed to access the network.

Windows Defender Firewall with Advanced Security

A more advanced interface for configuring the firewall with detailed rules and settings.

What do firewalls do?

They protect computers from unauthorized connections by blocking malicious traffic based on predefined rules, enhancing overall security.

Study Notes

Malware Types

• Malware is malicious software designed to compromise a system without user knowledge.
• Viruses attempt to damage and replicate on other systems.
  • Replication mechanism usually infects a file and uses it as a host.
  • Distributed when the infected file is distributed.
  • Sometimes attached to executable or other file types (e.g., .doc, .zip).
  • Can be distributed via email attachments.
  • Can be downloaded from malicious or compromised websites.
  • Objective is usually to destroy, compromise, or corrupt data.
  • Activated when triggered (e.g., file execution or opening with associated program).
• Worms are self-replicating programs.
  • Do not require a host file.
  • Automatically replicate.
  • Spread to other systems on a network.
• Trojan horses are disguised as legitimate software.
  • Hidden within useful software (e.g., games).
  • Malware is encapsulated within the wrapper.
  • Trojan cannot replicate itself.
  • Spreads manually.
  • May contain malware that turns the infected computer into a zombie (bot).

Rootkits

• Rootkits are stealthy malware.
• Installed in the boot sector of the hard disk drive.
• Loaded by the BIOS before the operating system.
• Loads the legitimate operating system.
• Very difficult to detect and remove.
• Hides itself from standard anti-malware software.
• Specialized rootkit detection software may be required.
• Removal often requires reinstalling the operating system.

Spyware

• Spyware intercepts or takes partial control of user interaction with the computer.
• Usually installed when users visit malicious websites, install infected applications, or open infected attachments.
• Collects personal information (e.g., internet surfing habits, usernames, passwords).
• Information is often sent to attackers for personal gain or sale.
• Some spyware uses cookies to collect information about internet activity.
• Some may interfere with user control of the computer (e.g., installing unwanted software, changing settings, redirecting web browser activity).

Adware

• Adware monitors user actions to identify preferences.
• Displays advertisements aligned with preferences (e.g., pop-ups).
• Passive in nature, invading user privacy without permission.
• Often installed with malicious websites, applications, or attachments.

Grayware

• Software that might offer a legitimate service but includes features unknown to or potentially malicious.
• Often installed with user permission, sometimes implied.
• User must opt out to avoid installation.

Ransomware

• Ransomware denies access to an infected computer system until a ransom is paid.
• Often encrypts the hard drive.
• Prevents access to data.
• Attacker demands ransom in return for decryption.
• Attackers may not unencrypt even if the ransom is paid.

Scareware

• Scareware fools users into thinking they have malware.
• Aims to sell fake antivirus software to remove nonexistent malware.

Crimeware

• Crimeware facilitates identity theft by gaining access to online financial accounts (e.g., banks).
• Tools can involve: Keystroke loggers (records keystrokes, mouse actions, screenshots), redirection to fake sites, stolen cached passwords.

Spam

• Spam is unwanted bulk email.
• Can be benign (selling products) or malicious (phishing scams, malware).
• Wastes bandwidth and resources.

Fileless Malware

• Fileless malware resides only in RAM.
• Never directly writes to the hard drive.
• Difficult for anti-malware to detect because no files are stored.
• Can exploit software vulnerabilities.
• Eliminated by rebooting the system.

Malware Protection

• Most vendors provide products to protect against various types of malware.
• Malware types include viruses, spyware, ransomware, adware, and spam.
• Anti-malware software can be installed on individual computers or network servers to scan attachments and files before they reach the end computer.
• Signature-based scanning systems (definition files) identify known threats. Files on the computer are compared to the signature files.
• Crucial to keep signature files updated daily to detect new malicious software.
• Scan all files before copying or running them.
• Keep operating systems and browsers up-to-date.
• Implement software policies to prevent downloads from untrusted sources.
• Disable or remove removable drives (e.g., optical drives, USB drives) to prevent unauthorized software intrusion.
• Show full file extensions to identify potentially malicious files.

Malware Detection

• Common symptoms of a malware infection include:
  • Browser homepages or default search pages changed.
  • Excessive pop-ups or strange messages.
  • Firewall alerts about programs accessing the internet.
  • System errors about corrupt or missing files.
  • File extension associations changed.
  • Files disappearing, being renamed, or corrupted.
  • New icons or toolbars.
  • Antivirus or firewall turned off, or inability to run scans.
  • System boot failure or slowdowns.
  • Unusual running applications or services.
• It is important to educate users on malware risks and good practices. Also to keep definitions files up-to-date.

Quarantine/Delete Files

• Quarantine infected files to a secure folder to prevent running/opening.
• Delete malicious files, but be careful with system files.
• Regularly review quarantines.

Suggested Remediation Procedure

• Identify infection symptoms.
• Quarantine the infected system.
• Disable System Restore.
• Update anti-malware definitions.
• Scan and remove malware.
• If necessary, schedule future scans and update signatures automatically.
• Re-enable System Restore and create new restore points.
• Educate the user.

Firewall Types

• Firewalls control traffic entering/leaving a computer's network interfaces, using access control lists (ACLs).
• Cannot protect against all attacks.
• Types:
  • Network firewalls (hardware-based): Positioned at the network perimeter.
  • Host-based firewalls (software-based): Reside on individual hosts (e.g., workstations, servers).

Microsoft Defender Firewall

• A software- and host-based firewall.
• Protects a single host system.
• Prevents attackers from gaining access to a Windows computer.
• Configurable via multiple interfaces.
• Firewall & Network Protection interface: Controls firewall status for various network profiles (e.g., domain, private, public).
• Allowed Apps interface: Allows or blocks specific applications/ports through the firewall.
• Advanced Security interface: Configure rules for protocols, ports, addresses, and authentication.

Event Logs

• Windows event logs are records of events on a computer.
• Logs help to troubleshoot problems.
• Logs exist for different categories (e.g., applications, security, system).
• Data can be filtered by type, severity, time period.
• User can create custom views to apply filters.

Windows Performance Monitor Tools

• Track computer performance using objects/counters in real-time.
• Object: A statistic group representing hardware/software.
• Counter: A specific statistic monitored (e.g., CPU usage, disk activity).
• Performance Monitor displays data in different forms (e.g., line graphs, histograms, text reports).
• Data Collector Sets (DCS) save performance data over time.

Task Manager

• Provides a snapshot of current system activity.
• Displays information about running processes, CPU, memory, disk, and network utilization.
• Allows checking and managing processes.

Process Explorer

• Identifies programs with open files/directories and their associated handles/DLLs.
• Identifies applications and services on the hard drive.
• Provides statistics on CPU use, committed virtual memory, I/O throughput

Reliability Monitor

• Tracks computer stability.
• Maintains historical data about the operating system's stability (stability index).
• Includes a chart showing system stability over time.
• Useful for identifying stability issues.

Action Center

• Central location for managing system messages and resolving issues.
• Highlights critical issues and provides notifications of changes in status.
• Provides recommendations for resolving and correcting problems.
• Integrates alerts from connected security and maintenance tools (e.g., Windows Update).

System Information App

• Displays comprehensive view of computer's hardware, components, and software.
• Information about drivers, current components, and other hardware components.

System Configuration App

• Used to troubleshoot technical issues and optimise startup process.
• Used for configuring startup preferences, viewing/customising Windows setup components, and configuring services.
• System Configuration utility does not alter current state of services immediately.
• Changes are applied after the system reboots.

Description

Test your knowledge on different types of malware, including viruses, worms, and Trojan horses. Understand their mechanisms, how they spread, and their potential impact on systems. This quiz challenges your awareness and comprehension of cybersecurity threats.