Malware infecting multiple systems remains dormant until triggered and changes its code or encryption with each infection to evade detection. Which malware type best fits this description, and what is the most effective mitigation?
A. Rootkit – use anti-rootkit tools and patch systems
B. Adware – deploy anti-adware tools and train users
C. Worm – isolate infected systems and scan the network
D. Polymorphic malware – use behavior-based detection and ensure systems are patched
The CEH Malware Threats module defines polymorphic malware as malicious code that mutates its appearance (code, encryption, packing) each time it propagates, so that no single static signature matches every copy and signature-based detection becomes ineffective. Remaining dormant until a trigger condition is met is another common characteristic.
CEH emphasizes that behavior-based detection, sandboxing, and heuristic analysis are the most effective countermeasures against polymorphic threats, because they key on what the code does at runtime rather than on what its bytes look like.
Option D is correct.
Options A, B, and C name malware types that do not match the mutating-code description, and their listed mitigations do not address polymorphic evasion techniques.