Questions: Common Malware Types and Defense Strategies
5 questions to test your understanding
Question 1 Multiple Choice
A corporation's network becomes infected and the malware spreads autonomously to thousands of machines overnight — without any employee opening an attachment or sharing a file. Which type of malware best fits this description?
A. A virus, because viruses are the most aggressive form of malware
B. A worm, because worms actively seek out and infect vulnerable machines over a network without user action
C. Ransomware, because it is designed for maximum disruption
D. Spyware, because it operates silently in the background
The defining characteristic of a worm is autonomous network propagation — it does not need a user to share an infected file. It scans for vulnerable systems and copies itself to them independently. A virus, by contrast, is passive: it attaches to files and spreads only when a human shares those files. The WannaCry attack was a real-world example of exactly this pattern, spreading to hundreds of thousands of machines in hours without requiring any user action.
Question 2 Multiple Choice
Which defense is most specifically targeted at ransomware's unique threat model, as opposed to malware in general?
A. Keeping antivirus signatures up to date
B. Installing operating system security patches promptly
C. Maintaining offline or off-network backups of important files
D. Using strong, unique passwords for all accounts
Ransomware's threat is that it encrypts your files and holds them hostage — the attack only succeeds if you have no other copy of your data. Offline backups directly neutralize this threat: if your files are backed up separately, you can restore them without paying the ransom. Antivirus and OS updates are valuable general defenses against many malware types, but they don't eliminate the consequence of a successful ransomware attack. Strong passwords help against unauthorized access but don't address ransomware specifically.
Question 3 True / False
A worm requires a user to share an infected file — such as through email or a USB drive — in order to spread to other machines.
T. True
F. False
Answer: False
This describes how a virus spreads, not a worm. Worms are self-contained programs that actively scan networks for vulnerable machines and copy themselves without any human action required. This is precisely what makes worms so dangerous in networked environments: once one machine is infected, the worm can spread exponentially without depending on user behavior. Viruses are passive and depend on humans sharing files.
Question 4 True / False
Spyware typically tries to remain undetected on an infected system for as long as possible.
T. True
F. False
Answer: True
Spyware's goal is data collection — passwords, banking credentials, browsing history, keystrokes. The longer it operates undetected, the more data it can exfiltrate. This is fundamentally different from ransomware, which makes its presence known immediately to demand payment, or a worm, which prioritizes fast spreading. Spyware prioritizes stealth above everything else, often using techniques to hide from antivirus scans and blend into normal system processes.
Question 5 Short Answer
Why is 'defense in depth' — combining multiple protective layers — more effective against malware than relying on any single measure?
Model answer: No single defense stops all malware. Antivirus can miss new or sophisticated threats that don't match known signatures. OS updates close known vulnerabilities but can't protect against zero-days. Behavioral skepticism about downloads prevents many infections but doesn't help if malware enters through another vector. Each layer stops threats that get past the others. Together they reduce the chance that any single failure — a missed signature, an unpatched system, a moment of inattention — results in a successful infection.
Defense in depth reflects the security principle that attackers only need one successful path while defenders must block every path. Different malware types exploit different entry points: viruses via file sharing, worms via network vulnerabilities, ransomware and spyware often via phishing. Matching multiple defenses to multiple attack vectors means a failure in one layer (e.g., antivirus missing a new ransomware variant) is caught by another (offline backups make the ransomware moot).