2 votes
A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities, including language, payload, and algorithms.

Which of the following would help the researcher safely compare the code base of the two variants?

A. Virtualized sandbox
B. Vulnerability scanner
C. Software-defined network
D. HTTP interceptor

by User Rohan Veer (7.7k points)

1 Answer

4 votes

Final answer:

To compare two malware variants, a Virtualized sandbox is the best choice as it provides an isolated environment to safely observe the malware's behavior without compromising security.

Step-by-step explanation:

To safely compare the code base of two variants of malware, particularly in the context of ransomware attacks, the researcher should use a Virtualized sandbox. This is an isolated computing environment where the malware can be run and observed without risking the integrity or security of the host system. Using a virtualized sandbox allows researchers to analyze the behavior of the malware, including its payload and algorithms, without exposing real systems or data to potential harm. Additional tools, like vulnerability scanners, software-defined networks, and HTTP interceptors, could be helpful in a broader security analysis, but for safely comparing the code bases and dynamic behavior of malware, a sandbox is the most appropriate choice.

by User Meijuh (8.2k points)