Certified Ethical Hacker (CEH v13) — Question 70

A multinational corporation's computer system was infiltrated by an advanced persistent threat (APT). During forensic analysis, it was discovered that the malware was utilizing a blend of two highly sophisticated techniques to stay undetected and continue its operations.
Firstly, the malware was embedding its harmful code into the actual binary or executable part of genuine system files rather than appending or prepending itself to the files. This made it exceptionally difficult to detect and eradicate, as doing so risked damaging the system files themselves.
Secondly, the malware exhibited characteristics of a type of malware that changes its code as it propagates, making signature-based detection approaches nearly impossible.
On top of these, the malware maintained a persistent presence by installing itself in the registry, making it able to survive system reboots.
Given these distinctive characteristics, which two types of malware techniques does this malware most closely embody?

Answer options

• A. Polymorphic and Metamorphic malware
• B. Polymorphic and Macro malware
• C. Macro and Rootkit malware
• D. Metamorphic and Rootkit malware

Correct answer: D

Explanation

The correct answer is D, as Metamorphic malware changes its code as it spreads, making detection difficult, while Rootkits install themselves in the system registry for persistence. A is incorrect because while it mentions Polymorphic malware, it does not address the registry persistence aspect. B is wrong as Macro malware is not relevant to the described techniques. C is also incorrect because, although it includes Rootkits, it does not mention the code-changing characteristics of Metamorphic malware.