GIAC
GCIH · Question #21
GCIH Question #21: Real Exam Question with Answer & Explanation
The correct answer is C: Win32/Conficker.
Malware Analysis & Advanced Persistent Threats
Question
Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?
Options
- A. Win32/Agent
- B. WMA/TrojanDownloader.GetCodec
- C. Win32/Conficker
- D. Win32/PSW.OnLineGames
Explanation
Win32/Conficker is a network worm that specifically targets the MS08-067 vulnerability in the Windows RPC subsystem to propagate across networks automatically.
Common mistakes.
- A. Win32/Agent is a generic trojan family that performs actions such as downloading additional malware, but does not exploit the RPC sub-system vulnerability for network worm propagation.
- B. WMA/TrojanDownloader.GetCodec is a trojan downloader that disguises itself as a media codec to trick users into installing malware, and is not a network worm exploiting RPC vulnerabilities.
- D. Win32/PSW.OnLineGames is a password-stealing trojan designed to harvest credentials from online games, not a network worm that exploits RPC sub-system vulnerabilities.
Concept tested. Identifying Win32/Conficker as an RPC-exploiting worm
Reference. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FConficker
Topics
#Conficker worm · #RPC vulnerability · #network worm · #Windows exploit