L10 - Modern Malware Flashcards
The bot “Spamming” is:
a) Used by botmasters to fraudulently increase revenue from advertisers
b) Used to gather valuable financial information
c) Infected machines send out unsolicited emails
c) Infected machines send out unsolicited emails
The bot “Click Fraud” is:
a) Used by botmasters to fraudulently increase revenue from advertisers
b) Used to gather valuable financial information
c) Infected machines send out unsolicited emails
a) Used by botmasters to fraudulently increase revenue from advertisers
The bot “Phishing” is:
a) Used by botmasters to fraudulently increase revenue from advertisers
b) Used to gather valuable financial information
c) Infected machines send out unsolicited emails
b) Used to gather valuable financial information
The attacker does not have to use his own computer in the attack
a) True
b) False
a) True
Since there are so many computers involved in the attack, it is difficult to distinguish legitimate from malicious traffic
a) True
b) False
a) True
The characteristics of DNS servers help mitigate the effect of DDoS attacks
a) True
b) False
b) False
Bots have more sophisticated communication capabilities than worms and viruses
a) True
b) False
a) True
It has the ability to perform C&C (command and control)
Bots require direct communication with the C&C server before beginning an attack
a) True
b) False
b) False
No need to communicate if the attack is set on a timer.
A botnet will be less likely to be found if it uses custom communication protocols
a) True
b) False
b) False
If it is custom, it will stand out from normal traffic.
A Gmail account is used for C&C, email address hardcoded in botcode.
Does it satisfy the following C&C requirements:
- Efficient/reliable communications
- Stealth communications (hard to detect)
- Resilient communications (hard to disrupt)
a) True
b) False
b) False
An account receiving C&C emails from all over the internet is not hard to detect.
A P2P protocol is used for C&C, and the query string is hardcoded in the bot code.
Does it satisfy the following C&C requirements:
- Efficient/reliable communications
- Stealth communications (hard to detect)
- Resilient communications (hard to disrupt)
a) True
b) False
b) False
Not hard to detect: P2P traffic in an enterprise network will stand out.
A “news” web site has been set up for C&C, i.e. commands can be “parsed” from news articles. The website and parsing logic are hardcoded in the bot code.
Does it satisfy the following C&C requirements:
- Efficient/reliable communications
- Stealth communications (hard to detect)
- Resilient communications (hard to disrupt)
a) True
b) False
b) False
This is hard to detect, since reading news looks a lot like normal traffic, but the website can easily be blocked.
The “Boy in the Browser” APT activity does the following:
a) Eavesdrops
b) Modifies web pages
c) Covertly records keystrokes
d) Covertly changes a computer’s network routing
e) Web users unknowingly click on something that is not as it is portrayed
d) Covertly changes a computer’s network routing
The “Clickjacking” APT activity does the following:
a) Eavesdrops
b) Modifies web pages
c) Covertly records keystrokes
d) Covertly changes a computer’s network routing
e) Web users unknowingly click on something that is not as it is portrayed
e) Web users unknowingly click on something that is not as it is portrayed
The “Man in the Browser” APT activity does the following:
a) Eavesdrops
b) Modifies web pages
c) Covertly records keystrokes
d) Covertly changes a computer’s network routing
e) Web users unknowingly click on something that is not as it is portrayed
b) Modifies web pages