Lec 13: Malware II: Network Worms and Botnets

Question 1

What are network worms?

Answer 1

Question 2

How do network worms work?

Answer 2

Question 3

What is the history behnid worms?

Answer 3

Question 4

What is the history of the Morris Internet Worm?

Answer 4

Question 5

How does Morris Worm Transmission work?

Answer 5

Question 6

How did Morris Worm Infection work?

Answer 6

Question 7

What did the Morris Worm Stealth/DoS work?

Answer 7

Question 8

What is the history behind the modern worm era?

Answer 8

Question 9

What are the technical enablers for worms?

Answer 9

Question 10

How do we think about worm outbreaks?

Answer 10

Question 11

What are the two think about when dealing with worm outbreaks and the SI model?

Answer 11

Question 12

What can be done against worm outbreaks?

Answer 12

Question 13

What is software quality prevention?

Answer 13

• against network worms

Question 14

What are wrappers?

Answer 14

• network worm prevention technique

Question 15

What is Software Heterogeneity?

Answer 15

• network worm prevention technique

Question 16

What is software updating prevention technique?

Answer 16

• network worm prevention

Question 17

What is the known exploit blocking prevention technique?

Answer 17

• network worm prevention

Question 18

What is hygiene enforcement?

Answer 18

• network worm prevention technique

Question 19

What is network worm treatment? What are the two issues with it?

Answer 19

Question 20

What are white worms?

Answer 20

Question 21

What is network worm containment? What are the two types of containment?

Answer 21

Question 22

What are the requirements for quarantining network worms? How can we define reactive defenses?

Answer 22

Question 23

What makes worm containment difficult?

Answer 23

Question 24

What is Slammer (2003)?

Answer 24

• network worm

Question 25

Was Slammer really fast?

Answer 25

Question 26

Network worm outbreak detection/monitoring. What are the two classes of monitors?

Answer 26

Question 27

What are network telescopes?

Answer 27

Question 28

Why do telescopes work?

Answer 28

Question 29

What is Code Red’s Growth vs it’s patch rate?

Answer 29

Question 30

What is the global animation of an outbreak?

Answer 30

Question 31

What are the problems with telescopes?

Answer 31

Question 32

What are the overall limitations of telescope, honey net, etc. monitoring?

Answer 32

Question 33

How do you detect worms on your network?

Answer 33

Question 34

What is scan detection?

Answer 34

Question 35

What is signature inference?

Answer 35

Question 36

What is the approach for signature inference?

Answer 36

Question 37

What is content sifting?

Answer 37

Question 38

What does the content sifting algorithm look like in a diagram?

Answer 38

Question 39

What are the challenges to content shifting?

Answer 39

Question 40

What is Earlybird?

Answer 40

Question 41

What is the results of Earlybird?

Answer 41

Question 42

What is UCSD’s relationship with content sifting technologies?

Answer 42

Question 43

What are the limitations to content sifting?

Answer 43

Question 44

What are distributed detection issues? What do we do about it?

Answer 44

Question 45

So you’ve taken over 100,000 machines, now what?

Answer 45

Question 46

What is a botnet?

Answer 46

Question 47

What is the history of botnet?

Answer 47

Question 48

What is the first major motivation of batnets?

Answer 48

Question 49

How do botnets get created?

Answer 49

Question 50

What is architecture of a botnet?

Answer 50

Question 51

What is storm peer-to-peer botnet?

Answer 51

• type of botnet architecture

Question 52

Wha is the Agobot?

Answer 52

Question 53

What are some of the Agobot Commands?

Answer 53

Question 54

How do bots build on one another?

Answer 54

Question 55

How do you detect botnets?

Answer 55

Question 56

How do you disrupt bots?

Answer 56

Question 57

What is command and control disruption?

Answer 57

Question 58

What gets in the way of cleaning bots?

Answer 58