Chapter 9 Malware
Anti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?
Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.
Injector
The program that injects, or places, the malware into vulnerable running processes.
Malicious code
The programming that performs the malware's basic functionality.
The Patriot Act
This act expanded on the powers already included in the Computer Fraud and Abuse Act.
Obfuscator
Uses different techniques to conceal the malware.
Which of the following best describes an anti-virus sensor system?
A collection of software that detects and analyzes malware.
Malware
Any software that is designed to perform malicious and disruptive actions.
Packer
Compresses the malware to reduce its size and also helps hide it.
A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in?
Launch
Which of the following virus types is shown in the code below?
Logic bomb
You work for a penetration testing consulting company. During an internal penetration test, you find that VNC is being used on the network, which violates your company's security policies. It was installed to maintain access by a malicious employee. In this lab, your task is to complete the following: From the IT-Laptop, use Zenmap to scan all computers on the network to see if any devices have port 5900 (VNC) open. Answer Question 1. Go to the suspect computer and uninstall VNC. From the suspect computer, run netstat to verify the ports for VNC are closed.
Find the server that has port 5900 open.
From the Favorites bar, open Zenmap.
In the Command field, use nmap -p 5900 192.168.0.0/24.
Select Scan.
From the results, find the computer with port 5900 open.
From the top right, select Answer Questions.
Answer Question 1.
Minimize the Lab Questions window.
Uninstall VNC from the computer that has port 5900 open.
From the top navigation tabs, select Floor 1 Overview.
Find and select the computer that has port 5900 open. (Open the Question window if needed.)
At the prompt, type netstat and press Enter to confirm the port is open on the machine.
Type dnf list vnc and press Enter to find the package name.
Type dnf erase libvncserver and press Enter.
Press Y and press Enter to uninstall the package.
Type netstat and press Enter to confirm the port has been closed on the machine.
From the top right, select Answer Questions.
Select Score Lab.
Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using?
Host integrity monitoring
Which of the following is the first step you should take if malware is found on a system?
Isolate the system from the network immediately.
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?
Scareware
Analyzing emails, suspect files, and systems for malware is known as which of the following?
Sheep dipping
Sheep dipping
The process of analyzing emails, suspect files, and systems for malware.
Payload
This is the main piece of the malware. The payload is what performs the intended activity of the malware.
CAN-SPAM Act
This law was designed to thwart the spread of spam.
The Computer Fraud and Abuse Act
This law was originally passed to address federal computer-related offenses and the cracking of computer systems.
Exploit
This takes advantage of a bug or vulnerability to execute the malware.
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan horse
Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting to. Which command will allow her to do this?
netstat -f -b
The program shown is a crypter. Which of the following best defines what this program does?
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?
ClamAV
Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester will need to manually check many different areas of the system. After these checks have been completed, which of the following is the next step?
Run anti-malware scans
Crypter
Basically a shell around the malware code that keeps the malware from being analyzed and reverse engineered. This also helps prevent detection by anti-malware programs.
Which of the following laws is designed to regulate emails?
CAN-SPAM Act
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?
Dropper
In this lab, your task is to use nmap to detect open ports as follows: Scan the following network addresses: 198.28.1.0/24 and 192.168.0.0/24. Find and report any open ports, especially those susceptible to hacking attacks. Answer the questions.
From the Favorites bar, open Terminal.
At the prompt, type nmap -p- 198.28.1.0/24 and press Enter to scan for open ports on all servers located on this network.
Type nmap -p- 192.168.0.0/24 and press Enter to scan for open ports on all the servers located on this network.
In the top right, select Answer Questions.
Answer the questions.
Select Score Lab.
Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?
JPS
In this lab, your task is to: Use ssh -X to connect to your rogue computer (192.168.0.251). Use 1worm4b8 as the root password. Use Zenmap on the remote computer to scan all the ports on the internal network looking for computers vulnerable to attack. Answer the question.
From the Favorites bar, open Terminal.
At the prompt, type ssh -X 192.168.0.251 and press Enter.
For the root password, type 1worm4b8 and press Enter. You are now connected to Rogue1.
Type zenmap and press Enter to launch Zenmap remotely. Zenmap is running on the remote computer, but you see the screen locally.
In the Command field, type nmap -p- 192.168.0.0/24.
Select Scan.
From the results, find the computers with ports open that make them vulnerable to attack.
In the top right, select Answer Questions.
Answer the question.
Select Score Lab.
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?
Worm