Despite no one clicking any suspicious links, a malicious payload spreads to many computers within minutes alongside a sudden spike in internal network traffic. What malware exploits network weaknesses to cause this rapid, autonomous spread?
Worm
A pop-up says your files are locked and you must pay Bitcoin to get them back. What just happened?
You’ve likely been hit with ransomware, which encrypts files and demands payment in exchange for a decryption key.
This malware has caused major financial losses by locking hospitals out of critical systems.
Ransomware attacks have cost healthcare systems millions and risked patient safety by freezing access to medical data.
One of these needs to be opened by the user, and the other spreads automatically. Which is which?
A virus requires human action to run the infected file, while a worm spreads automatically via networks.
A program claims to optimize your system, but soon after installation, the device behaves erratically and communicates secretly with an unknown external server. Which malware technique relies on tricking users into installing what looks like helpful software?
Trojan
A user installs a game from an unknown website. Days later, their computer starts crashing and acting strangely. What likely caused this?
A Trojan disguised as the game probably installed hidden malicious code, which only activated after installation.
This malware has been used to steal credit card numbers from millions of users over long periods without detection.
Spyware can sit undetected on systems, gathering personal and financial data — sometimes for months or years.
Which is harder to detect: a traditional virus or a polymorphic virus? Why?
A polymorphic virus is harder to detect because it constantly changes its code to avoid static detection methods.
An employee opens an email attachment that infects their computer and gradually infects other files on the machine. Which malware requires this deliberate user action to propagate and typically embeds itself within other executables?
Virus
A company finds 300 machines infected overnight. No one clicked anything suspicious. What’s the most likely culprit?
A worm likely exploited a network vulnerability to spread automatically from one infected machine to the rest.
A polymorphic virus spreads through email attachments but changes slightly each time it’s sent. What challenge does this create for cybersecurity?
It evades traditional detection tools, requiring behavior-based or heuristic analysis to catch it — making response times slower.
How do spyware and ransomware differ in their visibility to the victim?
Spyware hides to secretly collect data, while ransomware announces itself loudly to extort money.
Your credit card details are stolen over weeks without any obvious signs or performance issues on your device. Which malware operates stealthily, collecting data quietly over time?
Spyware
After receiving an email attachment from a friend, your files are slowly being corrupted. What type of infection could this be?
It may be a virus that attached itself to the shared file, activating once opened and spreading through local files.
A worm infected a power plant’s network, leading to a temporary shutdown. What made this possible?
The worm spread without needing user interaction, and the network likely lacked segmentation, letting it move freely between systems.
What is a key difference between a Trojan and a virus?
A Trojan disguises itself as a legitimate program, while a virus attaches itself to other programs to replicate.
Antivirus software shows no alerts, but unusual system behavior persists. Each sample of the malware looks different, despite performing the same harmful actions. What malware technique constantly modifies its code to evade detection?
Polymorphic Virus
You install a browser extension that tracks your activity even in incognito mode. What’s likely going on?
You’ve probably installed spyware, which monitors and sends your private data — even without your awareness.
A Trojan was disguised as an update to a common tax software in a supply chain attack. What made this so dangerous?
The Trojan came from a trusted source, meaning even cautious users installed it, unknowingly giving attackers access to critical systems.
Why might a worm cause more damage in a corporate network than a Trojan?
Worms don’t need user interaction and can infect hundreds of systems rapidly, while Trojans typically require manual installation.