7.3 Malware; PBQs

Mobile device attacks can be devastating to the device and the data stored on it. Which of the following common attacks allows the attacker to steal data or money from the victim?
Agent Smith

Agent Smith: The Agent Smith attack allows the attacker to steal data or money from the victim.

Which of the following are the general types of persistence IoCs? (Select two.)
Change or anomaly in the registry
An unauthorized scheduled task

An unauthorized scheduled task: This can indicate that an attacker has set up a task to run at specific intervals to maintain their presence on the system.
Change or anomaly in the registry: Changes or unusual entries in the registry can be a sign that malware has modified system settings to ensure it remains active.

File system and registry changes can indicate or suggest that a security breach or attack has occurred. An attacker may change critical system configuration stored in system files or registry keys to change or disable essential security settings or to store malware and scripts. Which of the following are signs that might indicate a security breach or attack on a file system? (Select two.)
The removal of temp files or deleting log entries.
The creation of new files or folders in unexpected locations or with unusual names.

The creation of new files or folders in unexpected locations or with unusual names: This can be a sign that an attacker has gained access and is planting malware or scripts in hidden or obscure locations.
The removal of temp files or deleting log entries: Attackers often try to cover their tracks by deleting temporary files or log entries that might reveal their activities.

Which of the following malware analysis techniques identifies unique malware programs by generating a hash for that program?
fingerprinting

fingerprinting: Fingerprinting involves creating a unique identifier (a hash) for a program, which helps in recognizing and distinguishing malware. Hashes are generated using cryptographic algorithms and can be used to compare files to known malware signatures.

File fingerprinting, scanning, string searches, and disassembly are all used to identify malware. When these techniques are used, what is the identifying information called?
malware signature

malware signature: A malware signature is a unique pattern or hash generated from the malware's code or behavior. It helps security tools and analysts detect and identify specific malware programs based on known characteristics.

As a sales representative for your company, you are in an airline lounge waiting for your next flight. To make the best use of your time, you decide to connect to the internet from your tablet to do some additional research about the company you will be contacting. You search for and connect to a Wi-Fi access point with the same name as the access point provided by the airline. However, it does not require a passcode, which the airline has instructed you to use to make the connection. You suspect that it might be a rogue access point. Which of the following vulnerability vectors does this type of attack fall under?
network

network vulnerability vector. A rogue access point is a wireless access point that has been installed on a secure network without authorization. It's typically used by attackers to intercept and steal data transmitted over the network. By connecting to an unsecured Wi-Fi access point, your device and the information you access could be at risk.

What is the MOST important consideration for sandboxing activities when performing malware analysis?
physical or logical isolation of the sandbox host from the main network

physical or logical isolation of the sandbox host from the main network. Physical or logical isolation ensures that any malicious code executed within the sandbox environment cannot affect the main network. This isolation is critical to prevent the spread of malware and to contain any potential damage.

Which method of malware analysis includes matching signatures, analyzing code without executing it, disassembly, and string searching?
Static analysis

Static analysis: Static analysis is signature-based and includes analyzing code without executing it. It also includes disassembly and string searches.

Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices?
Malicious websites

Malicious websites: Malicious or compromised websites are often used to launch web or network attacks. An attacker can design a website to easily determine which type of device is being used and then use malicious code that specifically targets mobile devices.

Mary has been receiving text messages that contain links to malicious websites. Which type of attack is Mary a victim of?
SMiShing

SMiShing: SMiShing (SMS phishing) involves sending deceptive text messages to trick recipients into clicking on malicious links. These links can lead to websites designed to steal personal information, install malware, or commit other forms of cyber fraud.

