CS 6035: 2nd Half Flashcards
_____ (aka zombie) is a compromised computer under the control of an attacker.
Bot
_____ are the most prevalent form of malware. Most attacks and frauds are due to ___.
Botnets.
____ bot activity that infects machines to send out unsolicited emails.
Spamming
_____ used by botmasters to fraudulently increase revenue from advertisers.
Click Fraud.
_____ bot activity used to gather valuable financial information.
Phishing
Botnets usually have one of two goals:
1. ____
2. ____
Monetary profit or political activism.
Botnets are responsible for:
- Spam
- DDOS (distributed denial of service) attacks
- Click fraud
- Phishing and pharming
- Keylogging and Data/ID theft
- Key/Password Cracking
- Anonymized terrorist and criminal communication
- Cheating in online games and polls.
_____ are servers that any machine can query.
Open recursive DNS Servers. A common query is to look up the IP address of a domain name.
The botmaster needs to control the bots, so ____ is required.
Control and communication (command and control)
Botnet C&C design considerations:
1. ____
2. ____
3. ____
- Efficient and reliable: it must be able to reach a sizable amount
- Stealthy: hard to detect (i.e. it must blend with normal traffic)
- Resilient: it should be hard to disable or block C&C traffic.
_____ is:
- Advanced: use special malware. Used for high value theft.
- Persistent. Long-term presence, multi-step, low and slow. Once the malware gets into an organization, it will be there for a long time.
- Threat. The data targeted is high value.
Advanced Persistent Threat (APT).
A ________ takes advantage of a previously unknown weakness or vulnerability in a system. There is no patch or fix for the system and no prevention for the attack.
zero-day exploit
____ covertly changes a computer’s network routing.
APT attack.
Boy in the Middle
____: web users unknowingly click on something that is not what it is portrayed to be.
APT attack.
Clickjacking
_____ modifies web pages covertly.
APT attack.
Man in the Browser.
_____ eavesdrops.
APT attack.
Man in the Middle.
______ covertly records keystrokes.
APT attack.
Keyloggers.
____ attempts to understand what the malware instance would do if executed. This is done without actually running the malware.
Malware analysis.
Static Analysis.
_____ attempts to understand what a program does when executed. It can be done at different granularities of analysis.
Malware analysis.
Dynamic Analysis
_____: looking at the program instruction by instruction.
Malware analysis.
Fine-grained (e.g. automated unpacking)
_____ (e.g. system call tracing): looking at function calls.
Malware analysis.
Coarse-grained
_____ only reveals the behavior of a program during a specific run. On a particular run, the malware may be waiting for specific conditions to be right before executing some of its code.
Malware analysis.
Dynamic analysis downfalls.
_____ is a technique whereby parts or all of an executable file are compressed, encrypted, or transformed in some fashion. This turns part of the program into data instead of code. The code that reverses the pre-runtime transformation is included in the executable and is called ____.
Malware Obfuscation.
Packing.
Unpacking.