Chapter 5 – Malware & Cyber-Attacks

Q: What is malware?

Malware (malicious software) refers to programs designed to disrupt, damage, or gain unauthorized access to systems. Types include viruses, worms, Trojans, ransomware, spyware, and rootkits.

Q: What distinguishes viruses, worms, and Trojans?

Viruses attach to host files and require user activation; Worms self-replicate and spread across networks; Trojans disguise themselves as legitimate software but deliver malicious payloads.

Q: What is ransomware?

Ransomware encrypts victim data and demands payment (often cryptocurrency) for its release. It has become a major cybercrime threat targeting individuals, companies, and critical infrastructure.

Q: How does phishing relate to malware?

Phishing emails trick users into downloading attachments or clicking links that deliver malware. This social engineering vector makes human error a key vulnerability.

Q: What are botnets?

Botnets are networks of compromised computers controlled remotely by attackers. They can be used for spam, DDoS attacks, credential theft, and click fraud.

Q: What is a Distributed Denial of Service (DDoS) attack?

A DDoS attack overwhelms a target server or network with traffic from multiple compromised systems, making it unavailable to legitimate users.

Q: What is spyware and adware?

Spyware secretly monitors user activity and collects data. Adware automatically delivers advertisements, sometimes maliciously. Both may compromise privacy and security.

Q: How does Routine Activities Theory explain malware victimization?

Malware exploits occur when motivated offenders (hackers, cybercriminals) find suitable targets (unprotected users) without capable guardians (antivirus, patches, awareness).

Q: What role does social engineering play in malware distribution?

Attackers manipulate victims into bypassing security—e.g., clicking links, opening attachments, or disabling protections—making human error central to infection.

Q: How do zero-day exploits work?

Zero-day exploits target previously unknown vulnerabilities before developers release patches. They are highly valuable and often traded in underground markets.

Q: What are challenges in defending against malware?

Challenges include rapid evolution of threats, encrypted communication, polymorphic malware (which changes its code), and resource limitations for law enforcement and organizations.

Q: What are international responses to malware threats?

Responses include CERTs (Computer Emergency Response Teams), public-private partnerships, and conventions like the Council of Europe’s Budapest Convention on Cybercrime.