Certified Ethical Hacker (CEH v13) — Question 64
Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company’s application whitelisting?
Answer options
- A. File-less malware
- B. Zero-day malware
- C. Phishing malware
- D. Logic bomb malware
Correct answer: A
Explanation
File-less malware operates in memory and does not rely on traditional executable files on disk; because it runs inside processes that are already trusted, it evades detection by antivirus tools and application whitelisting. Zero-day malware refers to exploits of vulnerabilities that have not yet been patched, which may be hard to detect but do not by themselves bypass whitelisting. Phishing malware relies on social engineering rather than evasion techniques, and logic bombs execute under specific trigger conditions rather than focusing on stealthy data exfiltration.