🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 21.1 - Malware (Part 3 of 3)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series finishes the malware chapter in Domain 8, rounding out the wider malware family beyond the classic virus. It covers Trojans and botnets, self-spreading worms, spyware and adware, ransomware extortion, and the fresh attack surface opened by malicious scripts and zero-day flaws.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is a Trojan horse, and what disguises does it wear?

A Trojan looks helpful but hides a harmful payload inside, which is why many organizations forbid installing unvetted software. Disguises vary: some pretend to be a game or utility while hijacking settings for ad revenue, rogue antivirus fakes a warning then steals data or charges you, a remote access Trojan opens a hidden backdoor for administrative control, and cryptomalware steals your computing power to mine cryptocurrency. The common thread is a friendly face wrapped around a hostile core.

How does a Trojan lead to a botnet and denial of service?

When enough infected machines fall under one attacker, called a botmaster, they form a remote-controlled army. Dozens of an organization’s machines can quietly obey an outsider, all hammering a single target website at once. That flood is a denial of service attack, and it can devour the organization’s entire bandwidth. The fix is often simple: clean the infected hosts and normal speed returns, but only if you knew to look.

How is a worm different from a virus?

A worm needs no human help at all. Where a virus waits for someone to click or share, a worm propagates on its own power across vulnerable systems. That self-driving spread is what makes worms so dangerous, because they can blanket the internet in hours. Famous worms teach two lessons: patch quickly, since a fix often existed well before the outbreak, and defend in depth, because attackers chain several weaknesses at once.

How does ransomware turn encryption against you?

Ransomware weaponizes cryptography, the very tool meant to protect you. After infecting a system, it generates a key known only to the attacker and encrypts your critical files, then demands payment by a deadline or you lose access forever. Some attackers add a second threat to publish your data too. Organizations with solid, tested backups fare far better because they can rebuild instead of pay, and paying can even be unlawful under economic sanctions.

Why are malicious scripts and zero-day flaws so hard to stop?

The same scripting languages that let admins automate work let attackers automate privilege escalation, backdoors, and command-and-control. The slipperiest version is fileless malware, which runs entirely in memory and never touches disk, so file-only detection sees nothing. A zero-day is a flaw attackers found but defenders have not yet fixed, leaving a window of vulnerability. Because you cannot patch what nobody has named, defense in depth with overlapping controls is the real answer.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 21.1 - Malware (Part 3 of 3).