{ "query": "Which type of malware disguises itself as a legitimate file, requires the user to execute it, and establishes remote command and control access?", "options": [ { "text": "Worm", "explanation": "A worm self-replicates to spread across networks without needing direct user execution.", "correct": false, "selected": false }, { "text": "Trojan horse", "explanation": "Malware that masquerades as legitimate software to trick a user into running it and often enables remote control.", "correct": true, "selected": false }, { "text": "Ransomware", "explanation": "Malware that encrypts files and demands payment to restore access.", "correct": false, "selected": false } ], "answer": "

The correct answer is Trojan horse.

A Trojan horse masquerades as a legitimate file or program and requires a user to execute it. After execution it commonly installs backdoors or other components that give the attacker remote command and control access to the compromised system.

Worm is incorrect because a worm self-replicates and spreads across networks without requiring a user to run a disguised file. Worms rely on automatic propagation rather than on tricking a user into execution.

Ransomware is incorrect because ransomware primarily encrypts or locks data to extort payment from victims. Although ransomware can be delivered by a Trojan-style installer, its defining behavior is data encryption for ransom rather than providing remote command and control access.

", "batch_id": "217", "answerCode": "2", "type": "multiple-choice", "originalQuery": "Lee, an employee of a law firm, receives an email with an attachment \"Court_Notice_09082020.zip\". There is a file inside the archive \"Court_Notice_09082020.zip.exe\". Alex does not notice that this is an executable file and runs it. After that, a window appears with the notification \"This word document is corrupt\" and, at the same time, the malware copies data to the APPDATA\\local directory in the background and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Lee encountered?", "originalOptions": "A. Macro Virus
B. Worm
C. Trojan
D. Key-Logger", "domain": "Reconnaissance Techniques for Ethical Hacking", "hasImage": false, "queryImage": "", "queryImages": [], "allImages": [], "hasAnyImage": false, "deprecatedReference": false, "deprecatedMatches": {}, "hasPre": false, "qid": "683s", "tip": "

When distinguishing malware types, focus on the defining behavior. Check if it requires user execution, if it self-replicates, or if it encrypts data for ransom. That approach makes elimination faster on exam questions.

", "references": [ "https://csrc.nist.gov/glossary/term/trojan_horse", "https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/malware-types", "https://www.cisa.gov/stopransomware/what-is-ransomware" ], "video_url": "https://certificationation.com/videos/others/eccouncil/ethical-hacker/eccouncil-email-with-an-attachment-court-notice-09082020-zip-exam-683.html", "url": "https://certificationation.com/questions/others/eccouncil/ethical-hacker/eccouncil-email-with-an-attachment-court-notice-09082020-zip-exam-683.html" }