Ch. 9 - Malware

Obfuscator

The act of concealing malware through different techniques.

CAN-SPAM Act

This law was designed to thwart the spread of spam.

D. Dropper

Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine? A. Server B. Construction kit C. Wrapper D. Dropper

B. Launch

A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in? A. Design B. Launch C. Replication D. Incorporation

D. Sheep dipping

Analyzing emails, suspect files, and systems for malware is known as which of the following? A. Static analysis B. Dynamic analysis C. Integrity checking D. Sheep dipping

Malware

Any software that is designed to perform malicious and disruptive actions.

A. ClamAV

Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use? A. ClamAV B. Bitdefender C. Avira D. Kaspersky

A. netstat -f -b

Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting to. Which command will allow her to do this? A. netstat -f -b B. netstat -f -a C. netstat -f -a -b D. netstat -a -b

Payload

The main piece of malware. The payload is the part that performs the malware's intended activity.

Sheep dipping

The process of analyzing emails, suspect files, and systems for malware.

Malicious code

Code that defines the malware's basic functionality, such as deleting data or opening backdoors into the target.

C. JPS

Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus? A. ProRat B. TCPView C. JPS D. Webroot

B. A collection of software that detects and analyzes malware.

Which of the following best describes an anti-virus sensor system? A. Analyzing the code of malware to understand its purpose without running it. B. A collection of software that detects and analyzes malware. C. Analyzing malware by running and observing its behavior and effects. D. Software that is used to protect a system from malware infections.

Exploit

The act of taking advantage of a bug or vulnerability to execute malware.

The Computer Fraud and Abuse Act

This law was originally passed to address federal computer-related offenses and the cracking of computer systems.

D. CAN-SPAM Act

Which of the following laws is designed to regulate emails? A. USA Patriot Act B. CFAA C. HIPAA D. CAN-SPAM Act

Injector

A program that injects malware into vulnerable running processes.

D. Run anti-malware scans

Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester will need to manually check many different areas of the system. After these checks have been completed, which of the following is the next step? A. Document all findings B. Sanitize the system C. Isolate system from network D. Run anti-malware scans

B. A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

The program shown is a crypter. Which of the following best defines what this program does? (pic of crypter) A. A crypter is the main piece of the malware, the part of the program that performs the malware's intended activity. B. A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect. C. A crypter compresses the malware to reduce its size and help hide it from anti-malware software. D. A crypter takes advantage of a bug or vulnerability to execute the malware's payload.

Crypter

Software that protects the malware code from being analyzed and reverse engineered. It also helps prevent detection from anti-virus software.

C. Worm

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using? A. Spyware B. Trojan horse C. Worm D. Virus

C. Trojan horse

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using? A. Spyware B. Worm C. Trojan horse D. Virus

Heuristic algorithm

Heuristic algorithms generate fairly accurate results in a short amount of time by focusing on speed instead of accuracy and completeness.

The Patriot Act

This act expanded on the powers already included in the Computer Fraud and Abuse Act.

C. Host integrity monitoring

Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using? A. Malware disassembly B. Static analysis C. Host integrity monitoring D. Sheep dipping

A. Isolate the system from the network immediately.

Which of the following is the first step you should take if malware is found on a system? A. Isolate the system from the network immediately. B. Check for suspicious or unknown registry entries. C. Look through the event log for suspicious events. D. Sanitize the system using updated anti-malware software.

A. Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.

Anti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning? A. Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs. B. Scanning is when the anti-malware software opens a virtual environment to mimic CPU and RAM activity. Malware code is executed in this environment instead of the physical processor. C. Scanning aids in detecting new or unknown malware that is based on another known malware. Every malware has a fingerprint, or signature. If a piece of code contains similar code, the scan should mark it as malware and alert the user. D. Scanning establishes a baseline and keeps an eye on any system changes that shouldn't happen. The program will alert the user that there is possible malware on the system.

Packer

The act of compressing malware to help hide it.

B. Scareware

Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action? A. Ransomware B. Scareware C. Adware D. Spyware

A. Logic bomb

Which of the following virus types is shown in the code below? (pic of code and malware with start if/stop if) A. Logic bomb B. Cavity C. Direct action D. Metamorphic

