CEH v10 Malware Threats Exam Questions
and Answers All Correct
Indication of Virus Attack - Answer-1. processes take more resources and time
2. computer beeps with no display
3. drive label changes
4. unable to load Operating System
5. constant anti-virus alerts
6. computer freezes frequently or encounters errors such as BSOD
7. files and folders are missing
8. suspicious hard drive activity
9. browser window freezes
10. lack of storage space
11. unwanted advertisements and pop-up windows
How a computer gets infected by a virus - Answer--When a user accepts files and
downloads without checking properly for the source
-Opening infected email attachments
-Installing pirated software
-Not updating and not installing new versions of plug-ins
-Not running the latest anti-virus application
-Clicking malicious online ads
-Using portable media
-Connecting to untrusted networks
System or Boot Sector Viruses - Answer-The most common targets for a virus are
these, which include the master boot record (MBR) and the DOS boot record system
sectors
MBRs are the most virus-prone zones because if the MBR is corrupted, all data will be
lost. The DOS boot sector also executes during the system booting. This is the crucial
point of attack for viruses.
This virus moves MBR (Master Boot Record) to another location on the hard disk and
copies itself to the original location of the MBR
When the system boots, the virus code is executed first and then control is passed to
original MBR
Virus Removal
-One way to deal with this virus is to avoid the use of the Windows OS and switch to
Linux or Mac because Windows is more prone to these attacks.
-The other way is to carry out antivirus checks on a periodic basis
File Viruses - Answer-Infects files which are executed or interpreted in the system such
as COM, EXE, SYS, OVL, OBJ, PRG, MNU, and BAT files
File viruses can be either direct-action or memory resident
Hides its presence by using stealth techniques to reside in a computer's memory in
the same way as the system sector viruses work. It does not show any increase in file
length while performing directory listing.
If a user attempts to read the file, the virus intercepts the request, and the user gets
back his original file
Multipartite Viruses - Answer-When the virus infects the boot sector, it will, in turn, affect
the system's files and vice versa. This type of virus re-infects a system repeatedly if the
virus is not rooted out entirely from the target machine.
Infect the system boot sector and the executable files at the same time
Some examples of multipartite viruses include Invader, Flip, and Tequila
Execute the damage routine - users install antivirus updates and eliminate the virus
threats
How a virus infects a system - Answer-o The virus loads itself into memory and checks
for the executable on the disk.
o The virus appends malicious code to a legitimate program without the permission or
knowledge of the user.
o The user is unaware of the replacement and launches the infected program.
o The execution of an infected program also infects other programs in the system.
o The above cycle continues until the user realizes there is an anomaly in the system
Phases of a Virus - Answer-Infection Phase
-o A file virus infects by attaching itself to an executable system application program.
Potential targets for virus infections:
-o Boot sector viruses execute their code in the first place before the target PC is
booted.
Attack Phase
-o Viruses execute upon triggering specific events
-o Some viruses execute and corrupt via built-in bug programs after being stored in the
host's memory.
-o The latest and advanced viruses conceal their presence, attacking only after
thoroughly spreading in the host
Macro Viruses - Answer-Viruses infect templates or convert infected documents into
template files, while maintaining their appearance of ordinary document files
Files are created by Microsoft Word or Excel, written using the macro language Visual
Basic for Applications (VBA)
Cluster Viruses - Answer-Viruses infect files without changing the file or planting additional
files. They save the virus code to the hard drive and overwrite the pointer in the
directory entry, directing the disk read point to the virus code instead of the actual
program.
Modify directory table entries so that it points users or system processes to the virus
code instead of the actual program
One copy of the virus on the disk infecting all the programs in the computer system
It will launch itself first when any program on the computer system is started and then
the control is passed to actual program
Stealth Viruses/ Tunneling Viruses - Answer-These viruses try to hide from antivirus
programs by actively altering and corrupting the service call interrupts while running.
These viruses state false information to hide their presence from antivirus programs
Evade the anti-virus software by intercepting its requests to the operating system
This virus can hide by intercepting the anti-virus software's request to read the file and
passing the request to the virus, instead of the OS
Virus Removal
-o Always do a cold boot (boot from write-protected CD or DVD)
-o Never use DOS commands such as FDISK to fix the virus
-o Use anti-virus software
Encryption Viruses - Answer-Also known as Cryptolocker viruses, which penetrate the
target system via freeware, shareware, codecs, fake advertisements, torrents, email
spam, and so on
Uses simple encryption to encipher the code
The virus is encrypted with a different key for each infected file
AV scanner cannot directly detect these types of viruses using signature detection
methods
Sparse Infector Viruses - Answer-Viruses infect less often and try to minimize the
probability of discovery. These viruses infect only occasionally upon satisfying certain
conditions or only files whose lengths fall within a narrow range
Virus infects only occasionally or only files whose lengths fall within a narrow range
By infecting less often, such viruses try to minimize the probability of being discovered
Polymorphic Viruses - Answer-A code that mutates while keeping the original algorithm
intact
modify their code for each replication to avoid detection
To enable polymorphic code, the virus has to have a polymorphic engine
A well-written polymorphic virus therefore has no parts that stay the same on each
infection
virus consists of three components: the encrypted virus code, the decryptor routine, and
the mutation engine
Metamorphic Viruses - Answer--rewrite themselves completely each time they are to
infect a new executable
-This code can reprogram itself by translating its own code into a temporary
representation and then back to the normal code again
Malware - Answer-Malicious software that damages or disables computer systems and
gives limited or full control of the systems to its creator for theft or fraud.
Includes Trojan horse, Backdoor, Rootkit, Ransomware, Adware, Virus, Worms,
Spyware, Botnet and Crypter
Malware is developed and used for - Answer-- Attack browsers and track websites
visited
- Affect system performance, making it very slow
- Cause hardware failure, rendering computers inoperable
- Steal personal information, including contacts
- Erase valuable information, resulting in substantial data losses
- Attack additional computer systems directly from a compromised system
- Spam inboxes with advertising emails
Different Ways a Malware can Get into a System - Answer-- Instant Messenger
Applications
- Portable Hardware Media /Removable Devices
- Browser and Email Software Bugs
- Insecure Patch management
- Rogue/Decoy Applications
- Untrusted Sites and Freeware Web Applications/Software
- Downloading Files from Internet
- Email Attachments
- File Sharing
- Network Propagation