1_2_5 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Rootkits

Questions and Answers

What is the common characteristic of a rootkit?

Creating new user accounts

Displaying pop-up ads

Slowing down internet speed

Modifying files in the operating system kernel (correct)

Why is a rootkit difficult to detect by antivirus software?

Because it changes the system background color

Because it increases RAM capacity

Because it modifies kernel files (correct)

Because it adds new desktop icons

What did malware authors do to make removal of malware more challenging?

Provided uninstallation guides

Combined rootkit functionality with malware functionality (correct)

Made sure malware was visible on the desktop

Sent polite notifications to users

Which malware is mentioned as an example of combining a rootkit with malware to transfer money?

Zeus or Zbot malware

What does a rootkit combined with malware create?

Malware that is difficult to remove

What type of accounts does a rootkit target on Unix or Linux systems?

Root/administrative accounts

What would happen if you tried to delete the files affected by the rootkit malware?

The rootkit would prevent you from deleting any part of the botnet malware.

How does the rootkit affect attempts to stop the malware process in Windows?

It denies access to stopping the Windows process used by the malware.

What is the role of anti-malware and antivirus software in relation to rootkits?

They can detect and identify rootkits running on a system.

What feature does UEFI BIOS include that helps prevent rootkits from being installed on modern systems?

Secure boot that checks for kernel changes

Why are specific rootkit removers designed for removing certain variants or types of rootkits?

Different rootkits require different removal techniques.

What is the primary function of a rootkit in the context of malware?

Prevent deletion of malware files and processes

How does a rootkit affect attempts to stop the malware process in Windows?

Deny access to stopping the Windows process

What is the role of UEFI BIOS secure boot feature in preventing rootkits?

It checks for kernel modifications and prevents booting if detected

Why do some anti-malware software struggle to detect rootkits?

Rootkits mimic regular system files and processes

What is the purpose of specific rootkit removers designed for different variants or types of rootkits?

To remove specific types of rootkits effectively

What part of the operating system does a rootkit primarily modify?

Files in the kernel

Why are rootkits difficult to detect by traditional security software?

They become part of the operating system kernel

What is a key characteristic of the Zeus malware combined with the Necurs rootkit?

Transferring money out of bank accounts

How does combining rootkit functionality with malware make removal challenging?

It makes the malware harder to detect

In what way does a rootkit's placement in the operating system differ from other malware?

Rootkits become part of the operating system

What role does the kernel play in relation to rootkit-infected systems?

Is modified by rootkits to avoid detection