1_2_5 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Rootkits

Questions and Answers

What is the common characteristic of a rootkit?

• Creating new user accounts
• Displaying pop-up ads
• Slowing down internet speed
• Modifying files in the operating system kernel (correct)

Why is a rootkit difficult to detect by antivirus software?

• Because it changes the system background color
• Because it increases RAM capacity
• Because it modifies kernel files (correct)
• Because it adds new desktop icons

What did malware authors do to make removal of malware more challenging?

• Provided uninstallation guides
• Combined rootkit functionality with malware functionality (correct)
• Made sure malware was visible on the desktop
• Sent polite notifications to users

Which malware is mentioned as an example of combining a rootkit with malware to transfer money?

Zeus or Zbot malware (C)

What does a rootkit combined with malware create?

Malware that is difficult to remove (C)

What type of accounts does a rootkit target on Unix or Linux systems?

Root/administrative accounts (B)

What would happen if you tried to delete the files affected by the rootkit malware?

The rootkit would prevent you from deleting any part of the botnet malware. (B)

How does the rootkit affect attempts to stop the malware process in Windows?

It denies access to stopping the Windows process used by the malware. (C)

What is the role of anti-malware and antivirus software in relation to rootkits?

They can detect and identify rootkits running on a system. (B)

What feature does UEFI BIOS include that helps prevent rootkits from being installed on modern systems?

Secure boot that checks for kernel changes (A)

Why are specific rootkit removers designed for removing certain variants or types of rootkits?

Different rootkits require different removal techniques. (D)

What is the primary function of a rootkit in the context of malware?

Prevent deletion of malware files and processes (B)

How does a rootkit affect attempts to stop the malware process in Windows?

Deny access to stopping the Windows process (D)

What is the role of UEFI BIOS secure boot feature in preventing rootkits?

It checks for kernel modifications and prevents booting if detected (C)

Why do some anti-malware software struggle to detect rootkits?

Rootkits mimic regular system files and processes (C)

What is the purpose of specific rootkit removers designed for different variants or types of rootkits?

To remove specific types of rootkits effectively (B)

What part of the operating system does a rootkit primarily modify?

Files in the kernel (D)

Why are rootkits difficult to detect by traditional security software?

They become part of the operating system kernel (D)

What is a key characteristic of the Zeus malware combined with the Necurs rootkit?

Transferring money out of bank accounts (B)

How does combining rootkit functionality with malware make removal challenging?

It makes the malware harder to detect (C)

In what way does a rootkit's placement in the operating system differ from other malware?

Rootkits become part of the operating system (B)

What role does the kernel play in relation to rootkit-infected systems?

Is modified by rootkits to avoid detection (D)