| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 21.1 - Malware (Part 3 of 3)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series finishes the malware chapter in Domain 8, rounding out the wider malware family beyond the classic virus. It covers Trojans and botnets, self-spreading worms, spyware and adware, ransomware extortion, and the fresh attack surface opened by malicious scripts and zero-day flaws.
What this episode covers
- Trojan horses — a helpful face over a hostile core, from rogue antivirus to remote access Trojans and cryptomalware.
- Botnets and denial of service — infected hosts obey a botmaster and flood one target until its bandwidth is gone.
- Worms — need no human help, self-propagate across vulnerable systems, and can even cause physical destruction.
- Lessons from famous worms — patch quickly and defend in depth, since attackers chain many weaknesses at once.
- Spyware and adware — spyware ships your activity to an operator, adware chases ad money; both are unwanted programs.
- Ransomware — encrypts your data for extortion, so tested backups beat negotiation and paying can be unlawful.
- Scripts and zero-days — fileless malware runs in memory and unnamed flaws leave a window only layered controls close.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is a Trojan horse, and what disguises does it wear?
A Trojan looks helpful but hides a harmful payload inside, which is why many organizations forbid installing unvetted software. Disguises vary: some pretend to be a game or utility while hijacking settings for ad revenue, rogue antivirus fakes a warning then steals data or charges you, a remote access Trojan opens a hidden backdoor for administrative control, and cryptomalware steals your computing power to mine cryptocurrency. The common thread is a friendly face wrapped around a hostile core.
How does a Trojan lead to a botnet and denial of service?
When enough infected machines fall under one attacker, called a botmaster, they form a remote-controlled army. Dozens of an organization’s machines can quietly obey an outsider, all hammering a single target website at once. That flood is a denial of service attack, and it can devour the organization’s entire bandwidth. The fix is often simple: clean the infected hosts and normal speed returns, but only if you knew to look.
How is a worm different from a virus?
A worm needs no human help at all. Where a virus waits for someone to click or share, a worm propagates on its own power across vulnerable systems. That self-driving spread is what makes worms so dangerous, because they can blanket the internet in hours. Famous worms teach two lessons: patch quickly, since a fix often existed well before the outbreak, and defend in depth, because attackers chain several weaknesses at once.
How does ransomware turn encryption against you?
Ransomware weaponizes cryptography, the very tool meant to protect you. After infecting a system, it generates a key known only to the attacker and encrypts your critical files, then demands payment by a deadline or you lose access forever. Some attackers add a second threat to publish your data too. Organizations with solid, tested backups fare far better because they can rebuild instead of pay, and paying can even be unlawful under economic sanctions.
Why are malicious scripts and zero-day flaws so hard to stop?
The same scripting languages that let admins automate work let attackers automate privilege escalation, backdoors, and command-and-control. The slipperiest version is fileless malware, which runs entirely in memory and never touches disk, so file-only detection sees nothing. A zero-day is a flaw attackers found but defenders have not yet fixed, leaving a window of vulnerability. Because you cannot patch what nobody has named, defense in depth with overlapping controls is the real answer.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 21.1 - Malware (Part 3 of 3).