Q: What is malware?
A: Malicious software that enters a system without the user’s knowledge or consent.
Q: How does malware work?
A: Uses a threat vector to deliver a malicious payload that performs harmful actions.
Q: How can malware be classified?
A: By its primary trait:
Circulation
Infection
Concealment
Payload capabilities
Q: Which malware types focus on circulation?
A: Viruses and worms.
Q: What is a program virus?
A: A virus that infects executable files.
Q: What is a macro virus?
A: A virus written in macro scripts inside data files.
Q: What is an appender infection?
A: Virus attaches itself to the end of a file.
Q: Why are appender infections easier to detect?
A: File size changes are noticeable.
Q: What is an armored virus?
A: A virus designed to avoid detection.
Q: What is Swiss cheese infection?
A: Virus injects scrambled code into executable files.
Q: What is split infection?
A: Virus splits into multiple parts scattered in a file.
Q: What is an oligomorphic virus?
A: Changes to one of several predefined forms.
Q: What is a polymorphic virus?
A: Completely changes form on each execution.
Q: What is a metamorphic virus?
A: Rewrites its own code every time it runs.
Q: What two actions do viruses perform?
A:
Execute a payload
Reproduce by infecting files
Q: Can viruses spread automatically over a network?
A: No, they require user action.
Q: What is a worm?
A: Malware that spreads automatically across networks.
Q: Do worms require user action?
A: No.
Q: Do worms infect files?
A: No.
Q: Key difference between virus and worm?
A:
Virus: needs user action, infects files
Worm: spreads autonomously over networks
Q: Which malware types focus on infection?
A:
Trojans
Ransomware
Crypto-malware
Q: What is a Trojan?
A: A program that performs hidden malicious actions.
Q: What is a Remote Access Trojan (RAT)?
A: Trojan that gives attackers remote control of a system.
Q: What is ransomware?
A: Malware that locks systems until ransom is paid.
Q: Why is ransomware profitable?
A: Victims are pressured to pay quickly.
Q: What is crypto-malware?
A: Ransomware that encrypts all files.
Q: How does crypto-malware work?
A:
Contacts C&C server
Encrypts files
Sends decryption key only after payment
Q: What is a rootkit?
A: Malware that hides itself and other malicious activity.
Q: Why are rootkits dangerous?
A: The system can no longer be trusted.
Q: What are common malware payloads?
A:
Collect data
Delete data
Modify security settings
Launch attacks
Q: What is spyware?
A: Software that secretly collects personal data.
Q: What is a keylogger?
A: Records keystrokes to capture sensitive data.
Q: Hardware vs software keyloggers?
A:
Hardware: physical device
Software: installed remotely
Q: What is adware?
A: Malware that displays unwanted advertisements.
Q: Why is adware disliked?
A: Slows systems, disrupts productivity, shows unwanted content.
Q: What is a logic bomb?
A: Dormant code triggered by a specific event.
Q: What is a backdoor?
A: Hidden access that bypasses security controls.
Q: What is a bot (zombie)?
A: An infected system controlled remotely.
Q: What is a botnet?
A: A network of bots controlled by an attacker.
Q: Common botnet uses?
A:
Spam
Malware distribution
DDoS attacks
Poll manipulation
Q: What is social engineering?
A: Manipulating people to gain information or access.
Q: Common psychological social engineering methods?
A:
Impersonation
Phishing
Spam
Hoaxes
Watering hole attacks
Q: What is impersonation?
A: Pretending to be a trusted authority.
Q: What is phishing?
A: Fake messages tricking users into revealing data.
Q: What is spear phishing?
A: Targeted phishing.
Q: What is whaling?
A: Phishing aimed at executives.
Q: What is vishing?
A: Phishing via phone calls.
Q: What is spam?
A: Unsolicited email, often used to spread malware.
Q: What is image spam?
A: Spam using images to bypass filters.
Q: What is a hoax?
A: Fake warnings that trick users into weakening security.
Q: What is a watering hole attack?
A: Compromising a website frequently visited by a target group.
Q: Two common physical attacks?
A:
Dumpster diving
Tailgating
Q: What is dumpster diving?
A: Searching trash for sensitive information.
Q: What is Google dorking?
A: Using search engines to find exposed data.
Q: What is tailgating?
A: Following authorized users into secure areas.
Q: What is shoulder surfing?
A: Observing credentials being entered.