Mr F Quiz Network

Malicious software, also known as malware, poses a significant threat to computer systems. It includes various types of harmful programs such as viruses, worms, Trojans, ransomware, and spyware. These malicious programs can cause damage to computer systems, steal sensitive information, disrupt operations, and compromise security. Therefore, it is true that malicious software constitutes one of the most significant categories of threats to computer systems.

A zombie is a type of malicious software or malware that is installed on an infected computer without the user's knowledge. Once activated, it can be remotely controlled by an attacker to launch various types of attacks on other machines or networks. These attacks can include sending spam emails, launching distributed denial of service (DDoS) attacks, or spreading malware to other vulnerable systems. Therefore, the statement "A zombie is a program activated on an infected machine that is activated to launch attacks on other machines" is true.

The statement suggests that newer worms are limited to Windows machines. However, this statement is not true. Newer worms can target various operating systems, including Windows, Mac, and Linux. Therefore, the correct answer is False.

A polymorphic virus is a type of computer virus that has the ability to change its code and appearance while maintaining its original function. This allows the virus to create copies that have different bit patterns, making it difficult for antivirus programs to detect and remove them. By constantly changing its code, the virus can evade detection and continue to infect systems. Therefore, the statement that a polymorphic virus creates functionally equivalent but distinct copies to defeat virus scanning programs is true.

Adware is a type of malicious software that is designed to display unwanted advertisements on a user's device. It can cause pop-up ads to appear or redirect the user's browser to commercial websites without their consent. Adware is often bundled with free software or downloaded from untrusted sources, and it can significantly disrupt the user's browsing experience by interrupting their activities and slowing down their device.

This statement is false. Microsoft Word, Excel files, and Adobe PDF files are not completely safe from being infected by viruses. While these file formats have built-in security features to protect against viruses, they can still be susceptible to malware attacks. It is important to have antivirus software installed and regularly update it to minimize the risk of virus infections in these types of files.

Viruses have the ability to mutate and change their genetic makeup, allowing them to evade detection by the immune system or antivirus software. This ability to morph is one of the reasons why viruses can be difficult to control and eradicate. By constantly changing their appearance, viruses can continue to infect and spread without being recognized by the immune system or antivirus programs. Therefore, the statement "Viruses often morph to evade detection" is true.

Ransomware refers to a type of malware that encrypts a user's data and then demands payment in order to provide the key needed to decrypt and recover the information. It essentially holds the user's data hostage until a ransom is paid. This type of attack has become increasingly common in recent years, causing significant disruption and financial loss for individuals and organizations.

A DDoS (Distributed Denial of Service) attack is an attack on a computer system or network that overwhelms it with a flood of internet traffic, rendering it unable to provide services to its users. This attack is typically carried out by multiple compromised devices, such as botnets, which flood the target system with a high volume of requests, causing it to become overloaded and inaccessible to legitimate users.

Unsolicited bulk e-mail, commonly known as spam, refers to the practice of sending large quantities of unwanted and often malicious emails to a wide range of recipients. This type of email causes significant costs for the network infrastructure as it requires resources to relay and handle the high volume of traffic. Additionally, users are burdened with the task of filtering out these unwanted emails from their legitimate ones, leading to wasted time and potential security risks.

A backdoor refers to any mechanism that allows unauthorized access to a system or bypasses normal security checks. It provides an alternative entry point for attackers to gain control over a system without going through the usual authentication processes. This can pose a significant threat to the security of a system or network as it allows malicious actors to exploit vulnerabilities and gain unauthorized access. Therefore, the statement that a backdoor is any mechanism that bypasses a normal security check is true.

Denying normal users the right to modify programs on the system can help prevent many forms of infection. This is because when users are not able to modify programs, they are unable to make unauthorized changes that could introduce vulnerabilities or malicious code. By restricting user privileges, the system can maintain a higher level of security and reduce the risk of infections caused by user actions.

A logic bomb is a type of malicious code that remains inactive until a specific condition is met. Once triggered, it can execute unauthorized actions, such as deleting files or causing system failures. Unlike a rootkit, which hides itself on a system, or a worm, which replicates itself, a logic bomb is designed to stay dormant until its predefined condition is fulfilled, making it a suitable answer for the given question. A keylogger, on the other hand, is a type of software that records keystrokes, and while it can be used for unauthorized purposes, it does not specifically match the description provided.

Worms can indeed spread through shared media such as USB drives or CD and DVD data disks. Worms are a type of malware that can replicate themselves and spread from one device to another, often using removable media as a means of transmission. Therefore, the statement that worms cannot spread through shared media is false.

Spyware is a type of software that secretly collects information from a computer and sends it to another system without the user's knowledge or consent. It is designed to gather sensitive data such as browsing habits, passwords, and personal information, which can then be used for malicious purposes. Unlike other types of malware, spyware operates covertly and aims to remain undetected in order to continue stealing data over an extended period of time.

A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the door to gain access without going through the usual security access procedures. It is a hidden vulnerability intentionally created by the developer or an unauthorized modification that bypasses normal authentication processes, granting unauthorized access to the system. This can be used for various purposes, such as debugging, maintenance, or malicious activities like unauthorized data access or control.

A virus, although attached to an executable program, can indeed do things that the program is permitted to do. Viruses are malicious software designed to replicate and spread, often causing harm to a computer system or stealing sensitive information. Once a virus is executed, it can perform various actions such as modifying or deleting files, corrupting data, disrupting system operations, and even spreading to other programs or systems. Therefore, the statement that a virus cannot do anything that the program is permitted to do is false.

Propagation is the correct answer because during this phase, the virus spreads or replicates itself by inserting a copy of its code into other programs or specific areas on the disk. This allows the virus to infect other files or systems, increasing its reach and potential to cause harm.

A worm typically uses all of the above phases. During the dormant phase, the worm remains inactive and hides in the system to avoid detection. In the execution phase, the worm carries out its malicious activities, such as replicating itself and spreading to other systems. The triggering phase refers to the event or condition that activates the worm's malicious behavior. Therefore, all of these phases are utilized by a worm to propagate and carry out its malicious actions.

The statement is true because malware can indeed be categorized into two broad categories based on how it spreads and the actions it performs. The first category is based on the method of propagation, such as through email attachments, infected websites, or network vulnerabilities. The second category is based on the actions or payloads it carries out once it infects a target, such as data theft, system damage, or unauthorized access.

A worm is a type of malware that is capable of replicating itself and spreading to other systems without any human intervention. In order to achieve this, a worm needs to access remote systems through various means such as exploiting vulnerabilities in network protocols or using social engineering techniques. Therefore, the statement "To replicate itself, a worm uses some means to access remote systems" is true.

The trigger is the event or condition that determines when the payload is activated or delivered. It acts as a signal or stimulus that initiates the execution of the payload. In the context of this question, the trigger is the crucial component that sets off the activation or delivery of the payload, making it the correct answer.

A worm is a type of computer program that is capable of operating autonomously and spreading itself to other computers on a network. Unlike viruses, worms do not require a host file to attach themselves to, as they are able to propagate a complete and functional copy of their program onto other machines. This allows worms to rapidly spread and infect multiple systems, often causing significant damage and disruption.

The correct answer is four because antivirus software can generally be categorized into four generations based on their development and capabilities. The first generation focused on simple signature-based detection, the second introduced heuristics and behavior analysis, the third included cloud-based scanning and machine learning, and the fourth generation incorporates advanced technologies like artificial intelligence and deep learning. Therefore, there are four generations of antivirus software.

Mobile code refers to software or instructions that can be transported to different platforms and executed with the same meaning. It is designed to be portable and capable of running on various systems without modification. This allows for flexibility and interoperability across different platforms, making it easier to distribute and execute code across heterogeneous environments. Examples of mobile code include Java applets, JavaScript, and Adobe Flash.

A downloader is a program that is designed to install other items on a machine that is under attack. It is typically used by attackers to download and install malicious software or malware onto the compromised machine. This allows the attacker to gain control over the system and carry out further malicious activities. Downloaders are often used as a first step in a larger attack, as they enable the installation of additional tools or malware that can be used to exploit the compromised system.

A virus is a type of malware that is designed to replicate itself within other executable code. Once executed, it attempts to spread and infect other files or programs on the system. This replication process allows the virus to spread and potentially cause harm to the infected system. Therefore, the correct answer is "Virus."

A rootkit is a set of hacker tools used after an attacker has gained unauthorized access to a computer system and obtained root-level privileges. This allows the attacker to maintain control over the compromised system while remaining undetected by traditional security measures. Rootkits are typically used to hide malicious activities, such as backdoors, keyloggers, and other malware, making it difficult for the system owner or security software to detect and remove them.

A trojan horse is a type of computer program that disguises itself as a useful software but contains a hidden and harmful function. It is designed to bypass security measures and can cause damage to the user's computer or steal sensitive information. Like the ancient Greek story of the Trojan Horse, which was a wooden horse used to sneak Greek soldiers into the city of Troy, a trojan horse program tricks users into installing it, allowing unauthorized access or control over their system.

A keylogger is a type of malicious software that captures and records keystrokes on a compromised system. This means that it can track and record everything that a user types on their keyboard, including passwords, credit card details, and other sensitive information. This information can then be accessed and used by attackers for malicious purposes. Therefore, a keylogger is the correct answer for the question.

A stealth virus is a form of virus explicitly designed to hide itself from detection by antivirus software. Unlike other types of viruses, a stealth virus actively tries to evade detection by disguising its presence and altering its code. It achieves this by modifying its own code or the code of the files it infects, making it difficult for antivirus software to identify and remove it. This allows the virus to remain undetected and continue its malicious activities without being detected by security measures.

Spam programs are specifically designed to send out large quantities of unwanted emails to multiple recipients. These emails are typically unsolicited and often contain advertisements, scams, or malicious content. Spamming is considered unethical and can be illegal in many jurisdictions.

A downloader is a type of software or program that is used to download files from the internet. It is commonly sent as an attachment in an email, allowing the recipient to download and install the software on their device. Therefore, the statement "Usually, a downloader is sent in an e-mail" is true.

A polymorphic virus is a type of virus that changes its code or signature with each infection, making it difficult to detect using traditional virus signature-based detection methods. This constant mutation allows the virus to evade detection by antivirus software that relies on identifying specific patterns or signatures of known viruses.

A phishing attack is a type of cyber attack that uses social engineering techniques to deceive users into believing that they are interacting with a trusted source, such as a legitimate website or email. The attacker typically sends fake emails or creates fake websites that mimic the appearance of trusted organizations, tricking users into providing sensitive information such as passwords, credit card numbers, or personal data. By exploiting the user's trust in the supposed trusted source, the attacker can gain unauthorized access to sensitive information or carry out other malicious activities.

A rootkit is a set of programs that are installed on a system with the purpose of maintaining covert access and administrator privileges. It is designed to hide any evidence of its presence to the greatest extent possible. Rootkits are often used by hackers or malicious actors to gain unauthorized access to a system and carry out malicious activities without being detected. They can be difficult to detect and remove, making them a significant threat to the security and integrity of a system.

The topological method uses information contained on an infected victim machine to find more hosts to scan. This method involves analyzing the network topology, such as the relationships between different hosts and their connections, to determine the most efficient path for spreading the infection. By leveraging this information, the attacker can identify potential targets that are likely to be connected to the infected machine and continue the scanning process.

The statement is false because the given list of propagation mechanisms is incorrect. The correct propagation mechanisms include system corruption, bots, phishing, spyware, and worms, not rootkits.

A zombie program refers to a malicious software that has infected a machine and is programmed to launch attacks on other machines. Once activated, this program can operate autonomously and carry out various malicious activities without the user's knowledge or consent. It typically forms part of a larger network of compromised machines, known as a botnet, which can be controlled remotely by an attacker. The term "zombie" is used metaphorically to describe the infected machine, as it is essentially under the control of the attacker and can be used to launch coordinated attacks on other targets.

In a direct DDoS attack, the attacker is able to implant zombiesoftware on a number of sites distributed throughout the Internet. This allows the attacker to launch a coordinated and simultaneous attack on the targeted system or network from multiple sources, overwhelming it with a flood of traffic. Unlike other types of DDoS attacks, such as reflector DDoS where the attacker uses third-party servers to amplify the attack, in a direct DDoS attack the attacker directly controls the compromised machines to carry out the attack.

The term "kit" refers to a set of tools or equipment that are used for a specific purpose. In this context, the term "kit" is used to describe a set of tools for generating new viruses automatically. This implies that the tools in the kit can be used to create viruses without manual intervention.

The correct answer is Robert Morris. In 1988, Robert Tappan Morris, a computer scientist, released the Morris Worm, which was one of the earliest and most notable instances of a worm infection on the Internet. The worm spread rapidly, affecting thousands of computers and causing significant disruption. Morris's intention was not to cause harm but to gauge the size of the Internet. However, the worm's unintended consequences led to his prosecution and the development of early computer security measures.

In this approach, the attacker takes advantage of vulnerabilities in web browsers. When the user visits a webpage controlled by the attacker, the webpage contains malicious code that exploits a bug in the browser. This allows the attacker to download and install malware on the user's system without their knowledge or consent. This technique is commonly known as a "drive-by download" and is frequently used in recent attack kits.

The first function in the propagation phase for a network worm is for it to search for other systems to infect, a process known as scanning. This scanning process involves the worm performing a series of actions to identify potential vulnerable systems that can be exploited. One of the actions involved in scanning is finger printing, where the worm gathers information about the target system's characteristics and vulnerabilities. This information is then used to determine the best method to infect the system and propagate further.

A blended attack is a type of cyber attack that combines multiple methods of infection or propagation in order to maximize the speed of contagion and the severity of the attack. This means that the attacker may use various techniques such as email attachments, social engineering, and exploiting software vulnerabilities to spread malware or gain unauthorized access to systems. By combining different methods, the attacker can increase the chances of success and cause more damage to the targeted system or network.

This statement is false. Payloads do not exclusively include those used by viruses, worms, and trojans. Payload refers to the part of malware that performs malicious actions on the victim's computer. While viruses, worms, and trojans can have payloads, there are also other types of malware that can have payloads, such as ransomware or spyware. Therefore, it is incorrect to say that payloads only include those used by viruses, worms, and trojans.

An auto rooter is a type of malicious hacker tool that is used to remotely break into machines. It is designed to automatically exploit vulnerabilities in computer systems, gaining unauthorized access and control over them. This tool enables hackers to remotely gain root or administrator access to compromised machines, allowing them to carry out various malicious activities such as stealing sensitive information, installing malware, or causing damage to the targeted system.

Macro viruses are a type of virus that specifically infect scripting code used to support active content in different user document types. These viruses exploit the macros present in documents such as Word, Excel, and PowerPoint to execute malicious actions. By infecting these macros, the virus can spread to other documents and potentially cause harm to the user's system. Therefore, the given answer "Macro viruses" accurately describes the type of viruses that infect scripting code in various user document types.