P2L2: Modern Malware Flashcards
T/F: Modern malware is for fun and games
False. Modern malware is often for profit and political gains. It is technically sophisticated and based on the latest tech. It is designed for efficiency, robustness, and evasiveness.
Botnet
A botnet is a network of bots (zombies) controlled by an attacker to carry out coordinated malicious attacks.
Examples of Attacks/Frauds by botnets
– Spam
– DDoS
– Click fraud
– Phishing and pharming
– Keylogging and data/ID theft
– Key/password cracking
– Anonymized terrorist and criminal communication
– Cheating in online games and polls
Amplified Distributed Reflective Attacks
The attacker uses open recursive DNS servers, which are plentiful, to reflect and amplify traffic toward the victim.
Why DDoS attack?
– The attacker does not need to use his own computer
– So many computers are involved in the attack that it is difficult to distinguish legitimate from malicious traffic
Botnet Command and Control (C&C)
The botmaster needs a C&C channel to control the bots.
C&C design
– Must be efficient and reliable
– Stealthy
– Resilient
T/F: The botmasters prefer dynamic DNS servers
True. Dynamic DNS allows the mapping between a domain name and an IP address to change frequently.
Anomaly detection
The way bots look up a domain suggests that the domain is most likely used for C&C.
What can be done when the anomaly is detected?
Map the domain name to a sinkhole.
What is the advantage of the sinkhole?
Researchers can discover where the bots are on the network.
Advanced Persistent Threat (APT)
Advanced: uses special malware
Persistent: long-term presence, multi-step, low-and-slow
Threat: the targeted data is high value
APTs tend to target specific organizations.
APT Lifecycle
– Define target
– Research target infrastructure/employees
– Test for detection
– Deployment
– Establish outbound connections
– Exfiltrate data
– Remain undetected
– Repeat
Zero-day exploit
Takes advantage of a previously unknown weakness or vulnerability in a system.
Social Engineering
APTs are designed to fool even the most sophisticated of users.