CS 6035: 2nd Half Flashcards

1
Q

_____ (aka zombie) is a compromised computer under the control of an attacker.

A

Bot

2
Q

_____ are the most prevalent form of malware. Most attacks and frauds are due to ___.

A

Botnets.

3
Q

____ is bot activity that infects machines to send out unsolicited emails.

A

Spamming

4
Q

_____ is used by botmasters to fraudulently increase revenue from advertisers.

A

Click Fraud.

5
Q

_____ is bot activity used to gather valuable financial information.

A

Phishing

6
Q

Botnets usually have one of two goals:
1.
2.

A

monetary profit or political activism.

7
Q

Botnets are responsible for:

  • Spam
  • DDOS (distributed denial of service) attacks
  • Click fraud
  • Phishing and pharming
  • Keylogging and Data/ID theft
  • Key/Password Cracking
  • Anonymized terrorist and criminal communication
  • Cheat in online games and polls.
A

:)

8
Q

_____ are servers that any machine can query.

A

Open recursive DNS Servers. A common query is to look up the IP address of a domain name.

9
Q

The botmaster needs to control the bots, so ____ is required.

A

Control and communication (command and control)

10
Q

Botnet C&C design considerations:
1.
2.
3.

A
  1. Efficient and reliable: it must be able to reach a sizable number of bots.
  2. Stealthy: hard to detect (i.e. it must blend in with normal traffic).
  3. Resilient: it should be hard to disable or block C&C traffic.
11
Q

_____ is

  1. Advanced: use special malware. Used for high value theft.
  2. Persistent. Long-term presence, multi-step, low and slow. Once the malware gets into an organization, it will be there for a long time.
  3. Threat. The data targeted is high value.
A

Advanced Persistent Threat (APT).

12
Q

A ________ takes advantage of a previously unknown weakness or vulnerability in a system. There is no patch or fix for the system and no prevention for the attack.

A

zero-day exploit

13
Q

____ covertly changes a computer’s network routing.

APT attack.

A

Boy in the Middle

14
Q

____ web users unknowingly click on something that is not as it is portrayed.

APT attack.

A

Clickjacking

15
Q

_____ modifies web pages covertly.

APT attack.

A

Man in the Browser.

16
Q

_____ eavesdrops.

APT attack.

A

Man in the Middle.

17
Q

______ covertly records keystrokes.

APT attack.

A

Keyloggers.

18
Q

____ attempts to understand what the malware instance would do if executed. This is done without actually running the malware.

Malware analysis.

A

Static Analysis.

19
Q

_____ attempts to understand what a program does when executed. Different granularities of analysis.

Malware analysis.

A

Dynamic Analysis

20
Q

_____ analysis looks at the program instruction by instruction.

Malware analysis.

A

Fine-grained (e.g. automated unpacking)

21
Q

_____ analysis (e.g. system call tracing) looks at function calls.

Malware analysis.

A

Coarse-grained

22
Q

_____ only reveals the behavior of a program during specific runs. On a particular run, the malware may be waiting for specific conditions to be right before executing some of its code.

Malware analysis.

A

Dynamic analysis downfalls.

23
Q

_____ is a technique whereby parts or all of an executable file are compressed, encrypted, or transformed in some fashion. This turns part of the program into data instead of code. The code that reverses the pre-runtime transformation is included in the executable and is called ____.

Malware Obfuscation.

A

Packing.

Unpacking.