Which type of malicious software is used to steal passwords typed into a computer?

Latest Types of Malicious Softwares MCQ Objective Questions

Types of Malicious Softwares Question 1:

What is Anti-spyware software?

1. Checks files before they are loaded on a computer

2. It detects and removes programs installed illegally on a user's computer system

3. Makes the files non-readable
4. Manages the data traffic

Answer (Detailed Solution Below)

Option 2 :

It detects and removes programs installed illegally on a user's computer system

Spyware is software that secretly records information about user activities on their system. It could capture credit card details that can be used by cybercriminals for unauthorized shopping, money withdrawing, etc.

• It is a type of software that is designed to detect and remove unwanted spyware programs
• Spyware is software that continuously gathers user information and important data through the user’s Internet connection without his or her knowledge where this anti-spyware blocks this.
• ​This software basically uses behavioral scanning techniques/methods to detect and remove spyware.
• This software scans your hard disk and registry for traces of spyware and adware and then either removes them or prompts the user to remove them.
• These programs monitor incoming data from e-mail, websites, and downloads of files and stop spyware programs from getting a foothold in the computer operating system.

Hence anti-spyware software detects and removes programs installed illegally on a user's computer system.

• The system file checker (SFC) scans the system files and confirms they have not been compromised or replaced with unofficial versions. If an unexpected version is found, SFC attempts to restore it from copies or original installation media.
• A read-only file is any file with the read-only file attribute turned on. It can be opened and viewed like any other file, but writing to it (saving changes) won't be possible. In other words, the file can only be read from, not written to.
• Network traffic is the amount of data moving across a computer network at any given time. Network traffic, also called data traffic, is broken down into data packets and sent over a network before being reassembled by the receiving device or computer.

Types of Malicious Softwares Question 2:

Which one of the following is a disadvantage of using proprietary software rather than open source software?

1. Proprietary software can only be accessed with a password
2. Proprietary software can only be used on proprietary systems
3. Proprietary software can only be used with an Internet connection
4. Proprietary software is usually more expensive

Answer (Detailed Solution Below)

Option 4 : Proprietary software is usually more expensive

The Correct answer is Proprietary software is usually more expensive

A software whose source code is freely distributed with a license to study, change, and further distribute to anyone for any purpose is called open-source software. 

Software that can be used only by obtaining a license from its developer after paying for it is called proprietary software.

Hence the correct answer is Proprietary software is usually more expensive

Types of Malicious Softwares Question 3:

Given below are two statements, one is labelled as Assertion A and the other is labelled as Reason R

Assertion A: Malware is an unwanted software that an unauthorized person wants to run on other computers.

Reason R: Virus obtains control of a computer and directs it to perform unusual and often destructive actions.

In light of the above statements, choose the correct answer from the options given below:

1. ​Both A and R are correct and R is the correct explanation of A.
2. Both A and R are correct but R is not the correct explanation of A.
3. A is true but R is false.
4. A is false but R is true.

Answer (Detailed Solution Below)

Option 2 : Both A and R are correct but R is not the correct explanation of A.

Assertion A: Malware is an unwanted software that an unauthorized person wants to run on other computers.

Explanation:

• Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses.
• A threat is a potential violation of security and when the threat gets executed, it becomes an attack.
• Those who execute such threats are known as attackers.
• Malware stands for malicious software.
• It is a broad term that refers to a variety of malicious programs that are used to damage the computer system, gather sensitive information, or gain access to private computer systems.
• Malware is an unwanted software that an unauthorized person wants to run on your computer.
• These are known as security threats.
• It includes computer viruses, worms, trojan horses, rootkits, spyware, adware etc.

Thus, A is correct.

Reason R: Virus obtains control of a computer and directs it to perform unusual and often destructive actions.

Explanation:

• Virus stands for vital information resource under siege.
• Computer Viruses or perverse software are small programs that can negatively affect the computer.
• It obtains control of a PC and directs it to perform unusual and often destructive actions.
• A virus copies and attaches itself to other programs which further spread the infection.
• The virus can affect or attack any part of the computer software such as the boot block, operating system, system areas, files and application program. 

Thus, R is correct but R is not the correct explanation of A.

Hence, Both A and R are correct but R is not the correct explanation of A.

Types of Malicious Softwares Question 4:

The process through which an illegitimate website pretends to be a specific legitimate website is known as

1. sniffing
2. spoofing
3. back doors
4. war dialing

Answer (Detailed Solution Below)

Option 2 : spoofing

The process through which an illegitimate website pretends to be a specific legitimate website is known as "spoofing."

Spoofing:

1. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
2. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
3. Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack.
4. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

1. Sniffing:

• Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers.
• Packet Sniffers are used by network administrators to keep track of data traffic passing through their network.
• These are called network protocol analyzers.
• In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.  

2. Back Doors

• In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.
• Once they're in, cybercriminals can use a backdoor to steal personal and financial data, install additional malware, and hijack devices.

3. War Dialing:

• War dialing refers to the use of various kinds of technology to automatically dial many phone numbers, usually in order to find weak spots in an IT security architecture.
• Hackers often use war dialing software, sometimes called "war dialers" or "demon dialers," to look for unprotected modems.

Types of Malicious Softwares Question 5:

Ankur receives an email informing him that his credit card is going to be cancelled. The email advises him to click on the provided link and sign into his online banking account to prevent this from happening, which he does. A week later, Ankur notices that Rs. 10,000 has been withdrawn from his bank account. What has Ankur fallen victim to?

1. A phishing scam
2. A Trojan horse
3. Online blackmail
4. A virus

Answer (Detailed Solution Below)

Option 1 : A phishing scam

A phishing scam:

• Phishing is a trick used by scammers to know one's personal information.
• They usually use e-mail or text messages to divert the person and still his/her personal details.
• It could be a dangerous threat to online data, money, and property.
• It is an initial practice and comes under cybercrime.
• The scammers use phishing viruses to access the data from the user's device.
• The incident given in the statement 'Ankur receives an email informing him that his credit card is going to be cancelled. The email advises him to click on the provided link and sign into his online banking account to prevent this from happening, which he does. A week later, Ankur notices that Rs. 10,000 has been withdrawn from his bank account.' This is a clear example of a phishing scam.

A Trojan horse:

• It is a type of malware that often disguised as a legitimate software
• It is used by cyber thieves and hackers to access user systems.
• Once it activated on the device, it enables hackers and cybercriminals to spy on the device.
• It can impact in a number of ways like deleting data, blocking data, modifying data, copying data, disrupting computer performances, etc.

Online blackmail:

• It is the act of threatening to share information about an individual (including images or video) to the public, their friends, or family online unless a demand is met.

A virus: 

• It is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
• Some of the computer viruses are, Wannacry, Cryptolocker, Zeus, etc.

The process through which an illegitimate website pretends to be a specific legitimate website is known as

1. sniffing
2. spoofing
3. back doors
4. war dialing

Answer (Detailed Solution Below)

Option 2 : spoofing

The process through which an illegitimate website pretends to be a specific legitimate website is known as "spoofing."

Spoofing:

1. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
2. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
3. Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack.
4. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

1. Sniffing:

• Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers.
• Packet Sniffers are used by network administrators to keep track of data traffic passing through their network.
• These are called network protocol analyzers.
• In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.  

2. Back Doors

• In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.
• Once they're in, cybercriminals can use a backdoor to steal personal and financial data, install additional malware, and hijack devices.

3. War Dialing:

• War dialing refers to the use of various kinds of technology to automatically dial many phone numbers, usually in order to find weak spots in an IT security architecture.
• Hackers often use war dialing software, sometimes called "war dialers" or "demon dialers," to look for unprotected modems.

"Skimming" in e-banking refers to

1. Identifying fraudsters copying vital information from credit cards
2. Multiple transactions by one credit card
3. Conversion of a debit card into credit card
4. Excessive charge for online services

Answer (Detailed Solution Below)

Option 1 : Identifying fraudsters copying vital information from credit cards

Skimming" in e-banking refers to Identifying fraudsters copying vital information from credit cards

• Skimming is an illegal practice used by identity thieves to capture credit card information from a cardholder surreptitiously.
• Fraudsters often use a device called a skimmer that can be installed at gas pumps or ATM machines to collect card data.
• Some machines act like point-of-sale technology. An acquired card is swiped, and a touchpad allows the user to enter a security code.
• Card users are warned to keep their cards in their sight at all times and to cover the pin pad when inputting security codes at ATMs.

In the context of IT/ICT, which one of the following about spamming is true?

1. Spamming is posting or e-mailing unsolicited advertising messages to a wide audience
2. Spamming is sending lines of nonsensical garbage in a chat Conversation
3. Spamming is posting a message that contains a graphic description of something offensive
4. Spamming is an attempt to acquire sensitive information of Malicious reasons, by masquerading as a trustworthy entity

Answer (Detailed Solution Below)

Option 1 : Spamming is posting or e-mailing unsolicited advertising messages to a wide audience

ICT provides information and communication technology for people to connect and learn. It has an essential role to play in the education sector. The explosive growth of the Internet has brought forth a proliferation of advertising messages spread online.

Spamming:

• In general, the word spam is commonly used to describe unsolicited e-mails that are sent in bulk.
• It is the use of electronic messaging systems like emails and other digital delivery systems to send unwanted bulk messaged indiscriminately.
• Spamming means posting or emailing unsolicited advertising messages to a wide audience. It is used by companies to market their products, sometimes they are also used for dubious purposes to scam innocent people.
• The term can typically be used for other media like in internet forums, instant messaging, and mobile text messaging, social networking, television advertising, etc.

NOTE:

Phishing: It is an attempt to target confidential and sensitive information including usernames and passwords, credit card details, bank account information and other personal information by falsely mimicking or masquerading a trustworthy entity.

Hence, it can be concluded from the given points that in the context of ICT, spamming is posting or e-mailing unsolicited advertising messages to a wide audience.

Radha receives an email claiming that her credit card account is about to be suspended unless she emails her credit card details and personal identification number (PIN) immediately. What is this an example of?

1. Spamming
2. Phishing
3. Virus Signing
4. Scanning

Answer (Detailed Solution Below)

Option 2 : Phishing

The correct solution is "Phishing".

Phishing is acquiring the personal and sensitive information of a person through official-looking emails. Users of online banking and e-commerce websites are more prone to this attack.

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper, and scareware.

Different types of malicious software are:

• Computer virus- A computer virus is malicious software that self-replicates and attaches itself to other files/programs. It is capable of executing secretly when the host program/file is activated. The different types of Computer viruses are Memory-Resident Virus, Program File Virus, Boot Sector Virus. etc.
• Worm- A worm is malicious software which similar to that of a computer virus is a self-replicating program, however, in the case of worms, it automatically executes itself. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period.
• Trojan horses- Unlike a computer virus or a worm – the Trojan horse is a non-replicating program that appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. Hackers make use of Trojan horses to steal a user’s password information, destroy data or programs on the hard disk. It is hard to detect.
• Spyware- Spyware secretly records information about a user and forwards it to third parties. The information gathered may cover files accessed on the computer, a user’s online activities, or even the user’s keystrokes.
• Rootkit- A rootkit is malicious software that alters the regular functionality of an OS on a computer in a stealthy manner. The altering helps the hacker to take full control of the system and the hacker acts as the system administrator on the victim’s system. Almost all the rootkits are designed to hide their existence.
• Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, or other sensitive details, by impersonating oneself as a trustworthy entity in digital communication.
• Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (A R P), or Domain Name System (D N S) server.
• Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called "phishing without a lure."

What is spyware in respect of computer software? 

1. Software that aims to gather information about a person without his/her knowledge, and that may send such information to another entity.
2. Legitimate software that allows companies to monitor and supervise the computers of their employees from a central location.
3. Software used to disrupt computer operation or gain access to private computer systems.
4. A computer program hidden within another seemingly harmless program that produces copies of itself into another programs or files.

Answer (Detailed Solution Below)

Option 1 : Software that aims to gather information about a person without his/her knowledge, and that may send such information to another entity.

These days most of our important transactions happen over the internet which leads to exposing our personal data to cybercriminals or hackers. These hackers have devised numerous ways to steal important data which is then put to misuse.

Malware: It is short for ‘malicious software’. Malware' is a general term used to refer to a variety of intrusive software.

Types of Malware

1. Spyware:

• “Spyware” is a generic term used to describe software that is implicitly designed to spy on or collect data about Internet search habits or other private information without the user's consent.
• It will gather information on users’ habits such as browsed websites, accessed applications and downloaded programs and send them to a third party.
• They can have even more direct effects, like stealing passwords and credit card information.
• Spyware is generally not self-proliferating, i.e. they do not spread from one infected system to another.

1. Phishing: It refers to online theft of identity in which an individual’s confidential information is obtained. This confidential information may include sensitive information including usernames and passwords, credit card details, bank account information and other personal information.
2. Virus: It is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus. It is a type of malware.
3. Worm: It is also a self-replicating computer program, but unlike a virus, it is self-contained and does not need to attach itself to another executable program.
4. Trojan Horse: A Trojan Horse program has the appearance of having a useful and desired function. It neither replicates nor copies itself, but causes damage or compromises the security of the computer.

Hence, it can be concluded from the given points that spyware is a software that aims to gather information about a person without his/her knowledge and that may send such information to another entity.

Given below are two statements, one is labeled as Assertion A and the other is labeled as Reason R

Assertion A: Privacy and security of user data are at stake on the Internet.

Reason R: No steps are being taken by the user for the security and privacy of data.

In light of the above statements, choose the most appropriate answer from the options given below

1. Both A and R are correct and R is the correct explanation of A
2. Both A and R are correct but R is NOT the correct explanation of A
3. A is correct but R is not correct
4. A is not correct but R is correct

Answer (Detailed Solution Below)

Option 1 : Both A and R are correct and R is the correct explanation of A

Privacy: It helps to block websites, internet browsers, cable companies, and internet service providers from tracking your information and your browser history. 

Security: It helps protect you from other people accessing your personal information and other data.

Assertion:

• Data protection can be measured through data security and privacy.
• It deals with the proper handling of data and data protection regulation.
• It covers all grounds like collection, storage, management, and sharing of data.

• Privacy is safeguarding user identity, while security is the safeguard of data.
• Security protects unauthorized access of data over the internet.
• But privacy is sometimes difficult to deal with.
• So it is possible to have privacy without security but we can have security without privacy.

Hence, the assertion is correct.

Reason:

• Different sites have their own privacy policies and security system. Users need to follow it carefully.
• If a user does not take any step for the security and privacy of data, it could be at stake on the Internet.

Hence, the reason is also correct.

So, Both A and R are correct and R is the correct explanation of A.

Ankur receives an email informing him that his credit card is going to be cancelled. The email advises him to click on the provided link and sign into his online banking account to prevent this from happening, which he does. A week later, Ankur notices that Rs. 10,000 has been withdrawn from his bank account. What has Ankur fallen victim to?

1. A phishing scam
2. A Trojan horse
3. Online blackmail
4. A virus

Answer (Detailed Solution Below)

Option 1 : A phishing scam

A phishing scam:

• Phishing is a trick used by scammers to know one's personal information.
• They usually use e-mail or text messages to divert the person and still his/her personal details.
• It could be a dangerous threat to online data, money, and property.
• It is an initial practice and comes under cybercrime.
• The scammers use phishing viruses to access the data from the user's device.
• The incident given in the statement 'Ankur receives an email informing him that his credit card is going to be cancelled. The email advises him to click on the provided link and sign into his online banking account to prevent this from happening, which he does. A week later, Ankur notices that Rs. 10,000 has been withdrawn from his bank account.' This is a clear example of a phishing scam.

A Trojan horse:

• It is a type of malware that often disguised as a legitimate software
• It is used by cyber thieves and hackers to access user systems.
• Once it activated on the device, it enables hackers and cybercriminals to spy on the device.
• It can impact in a number of ways like deleting data, blocking data, modifying data, copying data, disrupting computer performances, etc.

Online blackmail:

• It is the act of threatening to share information about an individual (including images or video) to the public, their friends, or family online unless a demand is met.

A virus: 

• It is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
• Some of the computer viruses are, Wannacry, Cryptolocker, Zeus, etc.

Extra browser window of commercials that open automatically on browsing web pages is called

1. spam
2. virus
3. phishing
4. pop-up

Answer (Detailed Solution Below)

Option 4 : pop-up

The process through which an illegitimate website pretends to be a specific legitimate website is known as "spoofing."

Spoofing:

1. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
2. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
3. Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack.
4. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

1. Sniffing:

• Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers.
• Packet Sniffers are used by network administrators to keep track of data traffic passing through their network.
• These are called network protocol analyzers.
• In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.  

2. Back Doors

• In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.
• Once they're in, cybercriminals can use a backdoor to steal personal and financial data, install additional malware, and hijack devices.

3. War Dialing:

• War dialing refers to the use of various kinds of technology to automatically dial many phone numbers, usually in order to find weak spots in an IT security architecture.
• Hackers often use war dialing software, sometimes called "war dialers" or "demon dialers," to look for unprotected modems.

A programme that deletes all the data from a computer is

1. Virus
2. Malware
3. Sweeper
4. Adware

Answer (Detailed Solution Below)

Option 3 : Sweeper

The process through which an illegitimate website pretends to be a specific legitimate website is known as "spoofing."

Spoofing:

1. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
2. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
3. Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack.
4. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

1. Sniffing:

• Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers.
• Packet Sniffers are used by network administrators to keep track of data traffic passing through their network.
• These are called network protocol analyzers.
• In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.  

2. Back Doors

• In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.
• Once they're in, cybercriminals can use a backdoor to steal personal and financial data, install additional malware, and hijack devices.

3. War Dialing:

• War dialing refers to the use of various kinds of technology to automatically dial many phone numbers, usually in order to find weak spots in an IT security architecture.
• Hackers often use war dialing software, sometimes called "war dialers" or "demon dialers," to look for unprotected modems.

A virus type that is capable of transferring from one computer to another without any ‘user interaction’ is known as

1. Worm
2. Trojan
3. Key Logging
4. Boot Sector Virus

Answer (Detailed Solution Below)

Option 1 : Worm

Malicious software or malware are programs intentionally designed to perform some unauthorized - often harmful or undesirable actions. Malware can gain remote access to any computer and send that from that system to a third party without the user’s knowledge. This malware exists in many forms.

Types of Malware:

• Worm: It is a self-replicating program that uses a network to send copies of itself to other nodes and does so without any user intervention. It does not need to attach itself to an existing program, unlike virus.
• Trojan: It is a malware that disguises itself as legitimate or useful software. It neither replicates itself or copies itself, but compromises the security of the computer.
• Boot Sector Virus:  It is a type of virus that infects the boot record on hard disks. All hard disks contain a small program in the boot record that is run when the computer starts up. These viruses attach themselves to the of this part of the disk and activate when the user attempts to start up.
• Keyloggers: It is a hardware or software device which monitors every keystroke, screenshots, chats etc typed on the computer. A keylogger program does not require physical access to the user's computer.

NOTE:

Phishing: This kind of activity is performed by falsely mimicking or masquerading a trustworthy entity in an attempt to scam the recipient to divulge private information regarding themselves.

Hence, it can be concluded that a worm is a virus type that is capable of transferring from one computer to another without any user interaction.

What type of software is malicious software?

What are the 3 types of malware attacks?

What type of malware steals personal information?

Which type of malicious programs enter your computer through Internet?