Certified Ethical Hacker (CEH v12) — Question 203

A multinational corporation's computer system was infiltrated by an advanced persistent threat (APT). During forensic analysis, it was discovered that the malware was utilizing a blend of two highly sophisticated techniques to stay undetected and continue its operations.

Firstly, the malware was embedding its harmful code into the actual binary or executable part of genuine system files rather than appending or prepending itself to the files. This made it exceptionally difficult to detect and eradicate, as doing so risked damaging the system files themselves.

Secondly, the malware exhibited characteristics of a type of malware that changes its code as it propagates, making signature-based detection approaches nearly impossible.

On top of these, the malware maintained a persistent presence by installing itself in the registry, making it able to survive system reboots.

Given these distinctive characteristics, which two types of malware techniques does this malware most closely embody?

Answer options

• A. Polymorphic and Metamorphic malware
• B. Polymorphic and Macro malware
• C. Macro and Rootkit malware
• D. Metamorphic and Rootkit malware

Correct answer: D

Explanation

The correct answer is D, as Metamorphic malware changes its code with each propagation, complicating signature detection, while Rootkit malware hides itself in the system, often modifying the registry for persistence. Options A and B incorrectly include Polymorphic malware, which is not the primary technique involved here. Option C incorrectly pairs Macro malware, which does not align with the sophisticated evasion techniques described.