Malware Alerts: Causes and Investigation Techniques

Causes of Malware Alerts


Question

Several employees return to work the day after attending an industry trade show.

That same day, the security manager notices several malware alerts coming from each of the employees' workstations.

The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.

Which of the following is MOST likely causing the malware alerts?

A. A worm that has propagated itself across the intranet, which was initiated by presentation media

B. A fileless virus that is contained on a vCard that is attempting to execute an attack

C. A Trojan that has passed through and executed malicious code on the hosts

D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall.

Answer: A.

Explanations


Based on the information provided, the most likely cause of the malware alerts is A. A worm that has propagated itself across the intranet, which was initiated by presentation media.

Here's why:

Option B, a fileless virus that is contained on a vCard attempting to execute an attack, is unlikely because fileless malware doesn't leave a footprint on a system, making it difficult to detect. However, the malware alerts in this scenario suggest that the system has detected the malware.

Option C, a Trojan that has passed through and executed malicious code on the hosts, is also unlikely. Trojans often rely on users to perform an action that initiates the malicious code, such as opening an email attachment or clicking a link. In this scenario, it is unlikely that all the employees would have fallen victim to the same Trojan attack at the same time.

Option D, a USB flash drive trying to run malicious code but being blocked by the host firewall, is also unlikely because the security manager investigated and found no signs of an attack on the perimeter firewall or NIDS.

Therefore, the most likely cause of the malware alerts is option A, a worm that has propagated itself across the intranet, which was initiated by presentation media. Trade shows often involve presentations that use USB drives to distribute content, and these USB drives can be infected with malware. When the employees inserted the USB drives into their workstations, the worm may have spread across the intranet, infecting multiple workstations and triggering the malware alerts.
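The reasoning above (a burst of endpoint alerts on several hosts with nothing corroborating at the firewall or NIDS points to an internal origin such as removable media or an intranet worm) can be turned into a small triage check. The following is an added example, not part of the original question or explanation; the alert records, host names and signature name are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the page): endpoint AV alerts from several
# workstations the morning after the trade show, plus what the perimeter logged.
ENDPOINT_ALERTS = [
    {"ts": "2024-05-13T09:02:11", "host": "ws-017", "sig": "Worm.AutoRun.Gen"},
    {"ts": "2024-05-13T09:05:40", "host": "ws-022", "sig": "Worm.AutoRun.Gen"},
    {"ts": "2024-05-13T09:09:03", "host": "ws-031", "sig": "Worm.AutoRun.Gen"},
    {"ts": "2024-05-13T09:13:55", "host": "ws-045", "sig": "Worm.AutoRun.Gen"},
]
# Only unrelated noise at the perimeter: nothing aimed at the alerting hosts.
PERIMETER_EVENTS = [
    {"ts": "2024-05-13T08:10:00", "sensor": "nids", "dst_host": "mail-01", "rule": "inbound scan"},
]

def _t(s):
    return datetime.fromisoformat(s)

def triage(alerts, perimeter_events, window=timedelta(hours=1)):
    """Classify a burst of endpoint malware alerts by whether the perimeter
    (firewall/NIDS) corroborates an external delivery to the same hosts."""
    by_host = {}  # host -> time of its first endpoint alert
    for a in alerts:
        first = by_host.get(a["host"])
        if first is None or _t(a["ts"]) < first:
            by_host[a["host"]] = _t(a["ts"])
    if not by_host:
        return {"verdict": "no_alerts", "hosts": [], "corroborated": []}
    hosts = sorted(by_host)
    span = max(by_host.values()) - min(by_host.values())
    # A host is "corroborated" if the perimeter logged something against it
    # in the window before its first endpoint alert.
    corroborated = sorted(
        h for h in hosts
        if any(e["dst_host"] == h and by_host[h] - window <= _t(e["ts"]) <= by_host[h]
               for e in perimeter_events)
    )
    same_sig = len({a["sig"] for a in alerts}) == 1
    if corroborated:
        verdict = "perimeter_delivery"      # start with the firewall/NIDS events
    elif len(hosts) >= 2 and span <= window and same_sig:
        verdict = "internal_propagation"    # no perimeter trace: removable media / intranet worm
    else:
        verdict = "isolated_or_unrelated"
    return {"verdict": verdict, "hosts": hosts, "corroborated": corroborated,
            "span_minutes": int(span.total_seconds() // 60), "same_signature": same_sig}

if __name__ == "__main__":
    print(triage(ENDPOINT_ALERTS, PERIMETER_EVENTS))
```

On the sample data the verdict is `internal_propagation`, which is the cue to pull removable-media mount records and host-to-host connection logs for the affected workstations rather than the perimeter logs.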