Malicious Software

Question 1

Who is spam costly to?

Answer 1

Both the network infrastructure and the user who must filter emails.

Question 2

Who sends spam?

Answer 2

Sometimes legitimate sources, but most is sent by botnets on comprised user systems.

Question 3

Name different types of spam

Answer 3

Advertising, scams, carrying malware, phishing.

Question 4

What makes spam hard to counter?

Answer 4

It exploits human behaviour, such as the user’s gullibility. It requires active user participation.

Question 5

What are the three types of Trojan?

Answer 5

Hector, Priam, Paris…
Trojans which perform the function of a program while performing separate malicious activity.
Trojans which perform the function of the program but modifying this function to perform or disguise other malicious activity.
Trojans which replace the original function entirely, to perform a malicious function.

Question 6

What is a bot?

Answer 6

A bot subverts the computational and network resources of an infected system, for the use of the attacker.

Question 7

What is a botnet?

Answer 7

A coordinated network of bots.

Question 8

What are bots used for?

Answer 8

Distributed Denial of Service Attacks, Spamming, Sniffing traffic, Key logging, Spreading malware etc.

Question 9

What makes bots different from worms?

Answer 9

Bots are initially controlled from some central facility.

Question 10

What is spear phishing?

Answer 10

When the target is specifically chosen and researched by the attacker, making their email more personalised to convince of authenticity.

Question 11

Why might SMPT allow spam more easily?

Answer 11

It has no built in authenticity checks. Also, the recipient’s mail server only sees the IP address of the direct peer from which it received the message.

Question 12

Why would a spammer want to hide their IP?

Answer 12

To avoid DNS or ISP blacklists. They could also do this by using botnets.

Question 13

What is greylisting?

Answer 13

The server rejects the first email from a sender which it does not recognise. If the sender resends their message, then it is probably legitimate and they get accepted. Botnets do not tend to retry sending emails.

Question 14

Is email security done by the protocol or the client?

Answer 14

The client.

Question 15

What is a javascript language attack? How can we prevent it?

Answer 15

Since javascript is executed in the browser, the attacker can use this to be able to execute some code on the user’s machine. This is also known as cross-site scripting.
We can prevent it by pre-processing input from the user before using it in HTML, using firewalls, using an auditing system etc.