PrepAway - Latest Free Exam Questions & Answers

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

A. Armored virus
B. Polymorphic malware
C. Logic bomb
D. Rootkit

Explanation:
An armored virus is a type of virus designed to thwart analysts' attempts to examine its code, using various methods to make tracing, disassembling and reverse engineering more difficult. An armored virus may also protect itself from antivirus programs, making it harder to trace. To do this, the armored virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.

Incorrect Answers:
B: In computer terminology, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code (its semantics) does not change at all. For example, 1+3 and 6-2 both achieve the same result while using different code. This technique is sometimes used by computer viruses, shellcode and computer worms to hide their presence. This is not what is described in this question. Therefore, this answer is incorrect.

C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". A logic bomb is not what is described in this question. Therefore, this answer is incorrect.

D: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask the intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. A rootkit is not what is described in this question. Therefore, this answer is incorrect.

References:
http://www.webopedia.com/TERM/A/Armored_Virus.html
http://en.wikipedia.org/wiki/Polymorphic_code
http://en.wikipedia.org/wiki/Logic_bomb
http://searchmidmarketsecurity.techtarget.com/definition/rootkit
