CS 6035: 2nd Half Flashcards
_____ (aka zombie) is a compromised computer under the control of an attacker.
Bot
_____ are the most prevalent form of malware. Most attacks and frauds are due to ___.
Botnets.
____ bot activity that infects machines to send out unsolicited emails.
Spamming
_____ used by botmasters to fraudulently increase revenue from advertisers.
Click Fraud.
_____ bot activity used to gather valuable financial information.
Phishing
Botnets usually have one of two goals:
1.
2.
monetary profit or political activism.
Botnets are responsible for:
- Spam
- DDoS (distributed denial of service) attacks
- Click fraud
- Phishing and pharming
- Keylogging and Data/ID theft
- Key/Password Cracking
- Anonymized terrorist and criminal communication
- Cheating in online games and polls.
:)
_____ are servers that any machine can query.
Open recursive DNS Servers. A common query is to look up the IP address of a domain name.
The botmaster needs to control the bots, so ____ is required.
Control and communication (command and control)
Botnet C&C design considerations:
1.
2.
3.
- Must be efficient and reliable. It must be able to reach a sizable amount
- Stealthy - hard to detect (i.e. it must blend with normal traffic)
- Resilient - it should be hard to disable or block C&C traffic.
_____ is
- Advanced: use special malware. Used for high value theft.
- Persistent. Long-term presence, multi-step, low and slow. Once the malware gets into an organization, it will be there for a long time.
- Threat. The data targeted is high value.
Advanced Persistent Threat (APT).
A ________ takes advantage of a previously unknown weakness or vulnerability in a system. There is no patch or fix for the system or prevention for the attack.
zero-day exploit
____ covertly changes a computer’s network routing.
APT attack.
Boy in the Middle
____ web users unknowingly click on something that is not as it is portrayed.
APT attack.
Clickjacking
_____ modifies web pages covertly.
APT attack.
Man in the Browser.