Meu CEH > Module 7 - Malware Threats > Flashcards

Module 7 - Malware Threats Flashcards

(15 cards)

Study These Flashcards
1
Q

Malware Concepts:

Is a malicious software that damages or disables computer systems and gives limited or full control of the systems to the malware creator for the purpose of theft or fraud.

a. Spyware
b. Underwear
c. Adware
d. Malware

A

d. Malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Malware Concepts:

A malicious code that breaches the system security via software vulnerabilities to access information or install malware.

a. Crypter
b. Downloader
c. Dropper
d. Exploit
e. Wrapper
f. Obfuscator

A

d. Exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Trojan Concepts:

  • Binds a Trojan executable with genuine looking .EXE applications such as games or office application.
  • When the user runs the .EXE, it first installs the Trojan in the backgroup and then runs the application in the foreground.
  • Attackers might send a birthday greeting that will install a Trojan as the user watches, for example, a birthday cake dancing across the screen.
    a. Crypter
    b. Downloader
    c. Dropper
    d. Exploit
    e. Wrapper
    f. Obfuscator
A

e. Wrapper

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Trojan Concepts:

  • This Trojan works like a remote desktop access.
  • Hacker gains complete GUI access to the remote system.
    a. Command Shell Trojans
    b. Remote Access Trojans
    c. Mobile Trojans
    d. Covert Channel Trojans
    e. Backdoor Trojans
A

b. Remote Access Trojans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Trojan Concepts:

  • This Trojan presents various exploitation techniques, creating arbitrary data transfer channels in the data streams authorized by a network access control system.
  • It enables attackers to get an external server shell from within the internal network and vice-versa.
    a. Command Shell Trojans
    b. Remote Access Trojans
    c. Mobile Trojans
    d. Covert Channel Trojans
    e. Backdoor Trojans
A

d. Covert Channel Trojans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Virus and Worm Concepts:

Infect the system boot sector and the executable files at the same time.

a. Macro Viruses
b. Multipartite Viruses
c. Cluster Viruses
d. Stealth Viruses/Tunneling Viruses

A

b. Multipartite Viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Virus and Worm Concepts:

  • Infect files created by Micorsoft Word or Excel.
  • Infect templates or convert infected documents into template files, while maintaining their appearance of ordinary documents files.
    a. Macro Viruses
    b. Multipartite Viruses
    c. Cluster Viruses
    d. Stealth Viruses/Tunneling Viruses
A

a. Macro Viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Virus and Worm Concepts:

  • These viruses evade the anti-virus software by intercepting its requests to the operating system.
  • A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS.
    a. Macro Viruses
    b. Multipartite Viruses
    c. Cluster Viruses
    d. Stealth Viruses/Tunneling Viruses
A

d. Stealth Viruses/Tunneling Viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Virus and Worm Concepts:

  • Is a code that mutates while keeping the original algorithm intact.
  • A well-written ______ virus therefore has no parts that stay the same on each infection.
    a. Polymorphic Viruses
    b. Metaporphic Viruses
    c. Logic Bomb Viruses
    d. Companion/Camouflage Viruses
A

a. Polymorphic Viruses

Comments:

The hint here to solve the questions is: keeping the original algorithm.

Polymorphic virus -> encrypt itself with a variable encryption key so that each copy of the virus looks different (because it’s encrypted with a different key). not all of the virus is encrypted, mind you, because the virus needs to decrypt itself in order to operate. as such there is a decryption stub that remains unencrypted and in the simplest polymorphic viruses this stub also remains constant (that part of it always looks the same) so it can be used to detect the presence of the virus. further, because the virus has to decrypt itself in order to operate, and because the unencrypted form of the virus doesn’t change, AV products are often able to recognize the virus by emulating its execution for long enough that it will decrypt itself and then examining the result.

Metamorphic virus is one that can translate and rewrite it’s own code so that, once again, each copy of the virus looks different. unlike polymorphic viruses, metamorphic viruses don’t really require a decryption stub because they aren’t encrypted. when the virus creates a new copy of itself it translates it’s existing instructions into functionally equivalent instructions in a new code.. As a result, no part of the virus remains constant and the virus is never returned to it’s original form during execution, which makes it more difficult for AV products to recognize.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Virus and Worm Concepts:

  • Creates a companion file for each executable file the virus infects.
  • May save itself as notepad.com and every time a user executes notepad.exe (good program), the computer will load notepad.com (virus) and infect the system.
    a. Polymorphic Viruses
    b. Metaporphic Viruses
    c. Logic Bomb Viruses
    d. Companion/Camouflage Viruses
A

d. Companion/Camouflage Viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Virus and Worm Concepts:

Is a virus that is triggered by a response to an event.

a. Polymorphic Viruses
b. Metaporphic Viruses
c. Logic Bomb Viruses
d. Companion/Camouflage Viruses

A

c. Logic Bomb Viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Virus and Worm Concepts:

  • Replicates on its own.
  • Malicious programs that replicate, execute, and spread across the network connections independently, consuming available computing resources without human interaction.
A

Worms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Malware Analysis:

Is a windows built-in utility used for checking integrity of the files and track changes to the files.

a. Tripwire File Integrity Manager
b. Verisys
c. Netwrix Auditor
d. SIGVERIF

A

d. SIGVERIF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Malware Analysis:

  • Are parts of the Windows OS that allow external applications to access OS information such as file systems, threads, errors, registry, kernel, etc.
    a. APIs (Application Programming Interfaces)
    b. GFI LanGuard
    c. Sonar
    d. Nessus
A

a. APIs (Application Programming Interfaces)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Malware Penetration Testing:

Check the data files for modification or manipulation by opening several files and comparing the hash value of these files with a pre-computed hasing using tools like: (Choose 2)

a. SIGVERIF
b. Solarwinds
c. SysAnalyzer
d. Tripwire

A

a. SIGVERIF
d. Tripwire

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
Meu CEH
flashcards
Decks in class (22)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions