P2L2 Flashcards

1
Q

What was the goal of past malware?

A

fun and fame

2
Q

What is the goal of modern malware?

A

profit and political gain

3
Q

Modern malware is more sophisticated than past malware. (T/F)

A

True

4
Q

Bots are also called zombies. (T/F)

A

True

5
Q

What is a botnet?

A
  • A coordinated network of bots: a network of compromised computers that the botmaster controls via C&C (command and control)
  • The key platform for most internet-based attacks and fraud
6
Q

Almost all spam is sent by botnets. (T/F)

A

True

7
Q

Are botnets used for profit or for political activism?

A

Both.

8
Q

Most common botnet DDoS attack?

A

The attacker orders the bots to SYN flood the victim.

9
Q

Amplified distributed reflective attack?

A

A DDoS: the attacker orders the bots to send DNS queries for a large TXT record with the source IP spoofed to the victim's address, so the (much larger) responses are reflected to the victim.

10
Q

An attacker doesn't have to use their own computer in an attack. (T/F)

A

True

11
Q

The characteristics of DNS help mitigate the effect of a DDoS attack. (T/F)

A

False. DNS actually amplifies the effect of a DDoS: a small query can draw a much larger response, and UDP lets the source address be spoofed so that response lands on the victim.

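Worked example for cards 9 and 11, added here and not part of the original deck: it builds a DNS TXT query in wire format, pairs it with a constructed (not captured) large TXT answer, and computes the amplification factor a reflector hands an attacker who spoofs the victim's source address. The domain name, record contents, transaction ID and all function names are assumptions made for the illustration; nothing is sent on the network.

```python
"""Added example (not part of the flashcard deck): build a DNS TXT query in
wire format, pair it with a constructed, deliberately large TXT answer, and
compute the amplification factor a reflector would hand an attacker who
spoofs the victim's source address. Nothing is sent; it is all in memory.
Name, record contents and sizes are made up for the illustration."""
import struct

QTYPE_TXT, QCLASS_IN = 16, 1


def encode_name(name: str) -> bytes:
    """Dotted name -> DNS labels (length byte + label, NUL-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """UDP payload of a recursive query for <name> TXT IN: the attacker's cost."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)


def build_txt_response(query: bytes, txt_chunks: list) -> bytes:
    """Constructed reflector answer: same txid, question echoed, one TXT RR whose
    RDATA is a sequence of <=255-byte character-strings: the victim's cost."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1; ANCOUNT=1
    if any(len(c) > 255 for c in txt_chunks):
        raise ValueError("TXT character-strings are limited to 255 bytes")
    rdata = b"".join(bytes([len(c)]) + c for c in txt_chunks)
    rr = b"\xc0\x0c"  # compressed name: pointer to the question name at offset 12
    rr += struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, 300, len(rdata)) + rdata
    return header + question + rr


def parse_txt_answer(response: bytes) -> list:
    """Walk the header and question, then return the character-strings of the
    first answer RR. Handles only the layout build_txt_response emits."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if qdcount != 1 or ancount < 1:
        raise ValueError("unexpected section counts")
    pos = 12
    while response[pos] != 0:          # skip the question name's labels
        pos += 1 + response[pos]
    pos += 1 + 4                        # root label + QTYPE/QCLASS
    if (response[pos] & 0xC0) != 0xC0:
        raise ValueError("expected a compressed name in the answer")
    pos += 2
    rtype, _, _, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
    pos += 10
    if rtype != QTYPE_TXT:
        raise ValueError("not a TXT record")
    rdata, chunks, i = response[pos:pos + rdlen], [], 0
    while i < len(rdata):
        n = rdata[i]
        chunks.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return chunks


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker (or its bots) sends,
    counting UDP payload only; IP/UDP headers add a constant to both sides."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_txt_query("example.com")
    # constructed: a 3 KiB TXT record split into 12 maximum-size character-strings
    r = build_txt_response(q, [b"A" * 255] * 12)
    print(f"query {len(q)} B, response {len(r)} B, factor {amplification_factor(q, r):.1f}x")
    print("TXT chunks recovered:", len(parse_txt_answer(r)))
```

With a 29-byte query and a 12-chunk TXT answer the factor is above 100x: each bot spends a few dozen bytes per query and the reflector delivers kilobytes to the victim. The ratio counts UDP payload only; IP and UDP headers add the same constant to both sides, so the on-the-wire factor is somewhat lower. It is the reflector, not the victim, that can cut this down (response rate limiting, no open recursion).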
12
Q

naive botnet C&C

A

Spread bots and have them communicate directly back to the botmaster.

13
Q

Problems with naive botnet C&C?

A
  • Not stealthy: if someone catches a bot, they can trace it back to the attacker
  • Not robust: only one method of communication
14
Q

botnet C&C design considerations

A
  • efficient and reliable
  • stealthy
  • resilient
15
Q

Bots require communication before an attack. (T/F)

A

False

16
Q

Bots are less likely to be found if they use a custom communication protocol. (T/F)

A

False. That will make them stand out.

17
Q

Many botnets use DNS for C&C. (T/F)

A

True

18
Q

DNS is good for C&C because?

A
  • DNS is always allowed: DNS is needed whenever a machine on the internet wants to talk to another machine
  • Using DNS won't make the bot stand out
19
Q

How does the way bots look up their C&C domain differ from the way ordinary machines look up a web server?

A
  • The C&C domain is looked up by too many hosts (the bots), yet it is unknown to Google search
20
Q

How to detect a botnet C&C domain?

A

Anomaly detection on the lookup pattern. Then have the DynDNS provider map that domain to a sinkhole.

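Worked example for cards 19 and 20, added here and not from the original deck: detection logic run over a constructed resolver log. The rule encodes the two differences the cards name (a C&C domain is looked up by many distinct hosts, typically in lock-step, yet is unknown to the wider web) and ends with the name-to-sinkhole mapping you would hand the dynamic-DNS provider. The log lines, the domain names, the KNOWN_POPULAR set (a stand-in for a search-engine or top-sites check), the sinkhole address and the thresholds are all assumptions.

```python
"""Added example (not part of the flashcard deck): pick out candidate C&C
domains from resolver logs using the lookup-pattern differences on the cards:
a C&C name is queried by many distinct hosts, in lock-step, yet is unknown to
the wider web. KNOWN_POPULAR stands in for a search-engine/top-sites check and
the log lines are constructed for this illustration; both are assumptions."""
from collections import defaultdict

# Assumption: domains a search engine / top-sites list would know about.
KNOWN_POPULAR = {"www.example.com", "cdn.example.org"}

# Constructed resolver log, one lookup per line: "<epoch> <client ip> <qname>"
LOG = """\
1700000000 10.0.0.11 www.example.com
1700000120 10.0.0.12 www.example.com
1700000900 10.0.0.13 www.example.com
1700000001 10.0.0.21 cdn.example.org
1700000002 10.0.0.22 cdn.example.org
1700000002 10.0.0.23 cdn.example.org
1700000003 10.0.0.24 cdn.example.org
1700000003 10.0.0.25 cdn.example.org
1700000004 10.0.0.26 cdn.example.org
"""
# Constructed: eight bots polling their C&C name twice, five minutes apart.
BOT_POLLS = [
    f"{1700000300 + 300 * poll + i} 10.0.0.{30 + i} upd4te-srv.dyn.example.net"
    for poll in range(2) for i in range(8)
]
LOG_LINES = LOG.splitlines() + BOT_POLLS


def parse_log(lines):
    """(timestamp, client, qname) tuples; qnames lower-cased, trailing dot dropped."""
    rows = []
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname = line.split()
        rows.append((int(ts), client, qname.lower().rstrip(".")))
    return rows


def domain_stats(rows, window=60):
    """Per domain: lookup count, distinct clients, share of lookups falling in the
    busiest `window`-second span (lock-step polling drives this up), popularity."""
    events = defaultdict(list)
    for ts, client, qname in rows:
        events[qname].append((ts, client))
    stats = {}
    for qname, ev in events.items():
        times = sorted(t for t, _ in ev)
        busiest, j = 0, 0
        for i, t in enumerate(times):          # sliding window over sorted times
            while times[j] < t - window:
                j += 1
            busiest = max(busiest, i - j + 1)
        stats[qname] = {
            "lookups": len(times),
            "clients": len({c for _, c in ev}),
            "burst_share": busiest / len(times),
            "popular": qname in KNOWN_POPULAR,
        }
    return stats


def flag_cc_candidates(stats, min_clients=5, min_burst=0.4):
    """Anomaly rule: many hosts, synchronised lookups, and nobody else has heard of it."""
    return sorted(
        q for q, s in stats.items()
        if s["clients"] >= min_clients and s["burst_share"] >= min_burst and not s["popular"]
    )


def sinkhole_map(candidates, sinkhole_ip="192.0.2.1"):
    """What you would hand the dynamic-DNS provider: name -> sinkhole A record."""
    return {q: sinkhole_ip for q in candidates}


if __name__ == "__main__":
    s = domain_stats(parse_log(LOG_LINES))
    for q, st in sorted(s.items()):
        print(f"{q:30} {st}")
    print("C&C candidates:", flag_cc_candidates(s))
    print("sinkhole map:", sinkhole_map(flag_cc_candidates(s)))
```

The CDN name in the constructed log has the same many-client, bursty shape as the C&C name; only the popularity check separates them, which is the point of the card. Thresholds are illustrative and need tuning on real logs, where update services and CDNs produce exactly that shape at scale.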
21
Q

An APT is used for attacks and phishing. (T/F)

A

False. It's used for high-value operations (like stealing designs).

22
Q

Spear phishing?

A

Phishing that targets specific individuals.

23
Q

An APT tries to infect as many machines as possible. (T/F)

A

False. The whole point is to keep the footprint as small as possible.

24
Q

Boy in the browser

A

changes network routing

25
Q

clickjacking

A

A web user unknowingly clicks on something other than what is portrayed.

26
Q

man in the browser

A

Modifies web pages.

27
Q

man in the middle

A

eavesdrops

28
Q

Problem with malware static analysis?

A

Behaviors that depend on runtime state or input data cannot be determined by looking at the code alone.

29
Q

Problem with malware dynamic analysis?

A

It only reveals the behavior of the runs observed; it won't show the complete picture.

30
Q

Analysis that looks at execution instruction by instruction is called?

A

fine-grained

31
Q

A signature-based approach is effective against packed malware. (T/F)

A

False. The packed bytes don't match a signature taken from the original code.

32
Q

We can use the unpacked code as a signature to detect malware. (T/F)

A

False

33
Q

The key to fine-grained tracing-based universal unpacking algorithms?

A

Detect the execution of code that is not in the static code model (code generated at runtime). Then unpack (dump) that part of the code and apply the signature-based approach to it.
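Worked example for the last card (and card 31), added here and not from the original deck: a toy trace-based universal unpacker. A tiny invented VM runs a self-decrypting packed program instruction by instruction, records every memory write, and the moment the program counter lands on a byte written at runtime (so outside the static image a disassembler would model) it dumps that run of bytes and scans it with a byte signature. The ISA, the packer, the payload and the signature are all constructed for this illustration; it goes slightly beyond the card by handling two nested packing layers, which the written-then-executed rule catches one after the other.

```python
"""Added example (not part of the flashcard deck): a toy trace-based universal
unpacker. A tiny invented VM runs a self-decrypting "packed" program one
instruction at a time; every memory write is recorded, and the moment the
program counter lands on a byte that was written at run time (so outside the
static image, the code model a disassembler would see) that run of bytes is
dumped and scanned with a byte signature. The ISA, packer and signature are
all constructed for this illustration; no real packer or AV format is used."""

# Constructed ISA: one opcode byte followed by its operands.
OP_XOR = 0x01   # XOR addr len key : mem[addr:addr+len] ^= key  (writes code)
OP_JMP = 0x02   # JMP addr
OP_OUT = 0x04   # OUT byte         : append byte to the program's output
OP_HALT = 0xFF


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def pack(payload: bytes, key: int, base: int = 0, at: int = 0x20, size: int = 0x40) -> bytes:
    """Return a size-byte image: decode stub at offset 0, XOR-ed payload at `at`.
    `base` is where this image will be loaded, so the stub's addresses are absolute."""
    if at + len(payload) > size or len(payload) > 255 or base + at > 255:
        raise ValueError("payload does not fit the toy address space")
    stub = bytes([OP_XOR, base + at, len(payload), key, OP_JMP, base + at])
    image = bytearray(size)
    image[:len(stub)] = stub
    image[at:at + len(payload)] = xor_bytes(payload, key)
    return bytes(image)


def trace_unpack(image: bytes, max_steps: int = 10_000):
    """Execute from address 0. Returns (output, layers) where each layer is
    (start address, bytes) of run-time-written code caught the moment it ran."""
    mem = bytearray(image)
    written = set()      # addresses modified since load (or since the last dump)
    layers, out, pc = [], bytearray(), 0
    for _ in range(max_steps):
        if pc in written:
            # Execution left the static code model: dump the contiguous written run.
            start, end = pc, pc
            while start - 1 in written:
                start -= 1
            while end in written:
                end += 1
            layers.append((start, bytes(mem[start:end])))
            written -= set(range(start, end))   # so a further layer is caught too
        op = mem[pc]
        if op == OP_XOR:
            addr, n, key = mem[pc + 1], mem[pc + 2], mem[pc + 3]
            for a in range(addr, addr + n):
                mem[a] ^= key
                written.add(a)
            pc += 4
        elif op == OP_JMP:
            pc = mem[pc + 1]
        elif op == OP_OUT:
            out.append(mem[pc + 1])
            pc += 2
        elif op == OP_HALT:
            return bytes(out), layers
        else:
            raise ValueError(f"bad opcode {op:#04x} at {pc:#04x}")
    raise RuntimeError("step limit reached; suspect a loop")


# Constructed payload and a constructed "AV signature" for its cleartext.
PAYLOAD = bytes([OP_OUT, ord("E"), OP_OUT, ord("V"), OP_OUT, ord("I"), OP_OUT, ord("L"), OP_HALT])
SIGNATURE = PAYLOAD[:8]


def analyze(image: bytes, sig: bytes = SIGNATURE) -> dict:
    """Signature scan of the static image versus each dumped layer."""
    out, layers = trace_unpack(image)
    return {
        "static_hit": sig in image,
        "layer_hits": [sig in blob for _, blob in layers],
        "output": out,
    }


if __name__ == "__main__":
    one_layer = pack(PAYLOAD, key=0x5A)
    # Two layers: the inner image is itself packed and placed at 0x20, with its
    # own stub addresses rebased so the outer decode lands it correctly.
    inner = pack(PAYLOAD, key=0x33, base=0x20, at=0x10, size=0x19)
    two_layers = pack(inner, key=0x5A)
    for name, img in (("one layer", one_layer), ("two layers", two_layers)):
        print(name, analyze(img))
```

The signature never matches the packed image (card 31), and with two layers it does not match the first dump either, only the final one: the intermediate layer is still encrypted under the inner key. A real tracer does the same bookkeeping at instruction or page granularity on real memory, which is also why fine-grained tracing is slow.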