Understanding Keyloggers and Spyware

Questions and Answers

What is one common way a malware can infect a computer?

• Working as a large group of devices
• Encrypting or deleting information from the computer
• Correlating keystrokes to gather private information (correct)
• Displaying advertising popups

How do malware authors typically find vulnerabilities in systems?

• Using advertising and popups
• By encrypting or deleting information
• Spending time to find weaknesses in applications or operating systems (correct)
• Working in a large group of devices

What is one potential result of malware infecting a computer?

• Displaying advertising popups
• Capturing keystrokes for private information
• Encrypting or deleting information from the computer (correct)
• Working as a large group of devices

What is a common way malware behaves once it is on a computer?

Displaying advertising popups (D)

How does malware typically spread once it is on a computer?

Setting up remote access backdoors (A)

What is one reason malware authors create backdoors in infected systems?

To have remote access back into the system (B)

What may cause your CPU utilization to suddenly increase significantly?

Installing spyware or malware with a built-in crypto miner (D)

How can you access the Windows Recovery Environment to remove malware?

By entering a special key combination during startup (D)

What does the Windows Recovery Environment provide access to?

All files within the operating system (C)

Which software can help prevent malware execution on your system in real-time?

Real-time anti-malware software (B)

How can you start the Windows Recovery Environment in Windows 10?

Via Settings, Update and Security, Recovery, Advanced startup (D)

What should you do to detect and stop malware before execution on your system?

Run antivirus or anti-malware software periodically (A)

Why is it important to run a real-time version of anti-malware software?

To protect against both viruses and malware effectively (C)

Which key should you hold down when selecting restart to access advanced startup options in Windows 11?

Shift (B)

Where can you find the option to reset this PC in Windows advanced options?

Advanced Options under Settings > Update and Security > Recovery (D)

What should you do to start Windows Recovery Environment from inside Windows itself?

Click on the power icon and then hold Shift key while clicking Restart (B)

What is the main reason for ensuring your system is always updated with the latest security patches?

To prevent malware authors from gaining complete access to your system (B)

What does a Trojan Horse malware do on a system?

Appears as harmless software but is actually malware (C)

How does a rootkit differ from other types of malware?

It embeds itself deep within the operating system (C)

What action could lead to installing malware on your system according to the text?

Clicking a link in an email (B)

Why was a Trojan Horse malware named after the Trojan Horse from Greek mythology?

Because it disguises itself as harmless software (C)

How can a rootkit hide itself from antivirus software?

By embedding deeply within the operating system (B)

What is one way to protect against Trojan Horse malware?

Download software only from reputable sources (B)

Why is it important to keep operating systems up to date with security patches?

To prevent exploitation of system vulnerabilities by third parties (B)

What is one characteristic of rootkits that makes them particularly difficult to detect?

They embed themselves deep within the operating system (B)

How can a Trojan Horse malware trick users into executing it?

By disguising itself as harmless software or utility (D)

What makes keyloggers a particularly nasty form of spyware?

They capture and store information from your keyboard. (A)

How do keyloggers bypass encryption used on networks?

By capturing keystrokes before encryption occurs. (B)

What is a common goal of ransomware attackers?

To encrypt personal data and demand payment for decryption. (D)

How can a user effectively eliminate ransomware from their system without paying the attackers?

Restore from a known good backup. (B)

What distinguishes ransomware from keyloggers in terms of impact on personal data?

Ransomware encrypts files, while keyloggers capture keystrokes. (D)

What action does the text suggest if an individual falls victim to ransomware?

Delete affected files and perform a system restore from a backup. (D)

Why is it challenging for an attacker to mine certain types of cryptocurrency?

The mining process requires specialized hardware. (A)

What is the primary reason ransomware attackers prefer to receive payment through cryptocurrency?

Because cryptocurrency transactions are untraceable. (B)

What distinguishes Dark Comet from other remote access Trojans mentioned in the text?

It is capable of capturing clipboard contents. (B)

What method does ransomware typically use to provide decryption keys to victims?

Providing a link to download the decryption key from a specified website (B)

What is a recommended way to prevent malware from communicating outbound from your system?

Run a software firewall on your operating system (A)

How does Microsoft’s Defender Firewall operate?

By default, constantly monitoring network communication (D)

What is the purpose of sending out phishing emails created by the company to users?

To see who might click on the emails and provide information (A)

Why is restoring a known good backup important when removing malware from a system?

To avoid restoring an infected operating system (D)

What is the purpose of re-imaging a computer with a known safe version of the operating system?

To quickly obtain a safe OS version (D)

How can posters and signs help improve security awareness in the workplace?

By reminding people about security requirements (D)

What is the ultimate way to guarantee removal of malware from a system?

Delete everything on the system and install a fresh OS (D)

How does a software firewall contribute to network security?

By monitoring inbound and outbound traffic (D)

Why do organizations create operating system images?

To quickly re-image computers with safe OS versions (D)

How can providing messages during login or updates enhance security awareness?

By reminding people about security requirements (D)

What is a common reason why rootkits are not as prevalent on systems today?

Security controls in the BIOS can detect and prevent rootkits (C)

How does secure boot functionality in UEFI BIOS help protect against malware?

It prevents suspicious software from executing during system startup (C)

What distinguishes a virus from other forms of malware?

Viruses need human intervention to spread (D)

How does a boot sector virus differ from a typical virus?

It resides in the boot sector of the drive (A)

What kind of malicious code is capable of evading antivirus detection by loading from the boot sector?

Boot sector virus (D)

How might spyware typically get installed on a computer?

Through peer-to-peer file sharing programs (D)

What actions can spyware perform once it infects a system?

Capture browsing habits and keystrokes (B)

In what circumstances might a user unknowingly install spyware on their computer?

By clicking on misleading advertising links (D)

Study Notes

• Malware is a type of software that can cause harm to computers and computer systems.
• There are various types of malware, including those that capture private information, coordinate with other devices, and display pop-ups.
• Malware authors exploit vulnerabilities in applications and operating systems to install malware on computers.
• Once malware is installed, it may download even more malware and create backdoors for remote access.
• To protect against malware, it is recommended to keep the operating system updated with security patches, run antivirus and anti-malware software, and ensure all applications are up to date.
• A Trojan Horse is a type of malware that disguises itself as a legitimate program but contains hidden malware.
• If a Trojan Horse application is executed, it can download more malware or perform malicious functions in the operating system.
• Antivirus software can help prevent Trojan Horses from executing but may not be able to detect all instances of this type of malware.
• Rootkits are malware that embed themselves deeply into the operating system and can hide from antivirus software, making them difficult to detect.
• Rootkits can give the attacker complete access to the system and allow them to hide their presence.
• Secure boot is a security control in modern computer BIOS that checks the operating system files and core kernel to ensure there are no malware or rootkits installed.
• A computer virus is a type of malware that can replicate itself from computer to computer and needs human intervention to spread.
• Boot sector viruses are viruses that infect the boot sector of a hard drive and run before the operating system loads, making them difficult to detect and remove.
• Spyware is a type of malware that steals personal information and can be installed as a Trojan Horse.
• Keyloggers are a type of spyware that record every key press and can take screenshots and monitor browsing habits.
• Spyware can steal sensitive information like usernames and passwords and send it to the attacker, bypassing any encryption the user may have in place.

Description

Learn about how keyloggers work and the dangers they pose in terms of stealing sensitive information. Discover how spyware can capture everything you type on your keyboard and monitor your screen activity, putting your data at risk.