Trojans and other attacks

Question 1

wrappers

Answer 1

program that allows you to bind an executable (malware) to the program of your choice. e.g. a game

Question 2

crypters

Answer 2

use a combo of of encryption and and code manipulation to render malware undetectable (fud Fully undetectable)

Question 3

packer

Answer 3

use compression to make executable smaller as less obvious to some AVs

Question 4

Exploit kits (list)

Answer 4

Infinity, Bleeding Life, Crimepack, Blackhole

Question 5

Trojans (list)

Answer 5

Chewbaca ( Bankbank), Skynet botnet (tor-based), RAT, MoSucker (RAT), Optix Pro (old school up to xp backdoor), Blackhole (RATs), Zues, SpyEye (e-banking)

Question 6

nc -e

Answer 6

-e = execute Netcat command gets cmd line access to machine specified with -t (tos) connect to telnet

Question 7

nc -l -p 5555

Answer 7

opens port 5555 in a listening state on the target machine can then nc -p 5555 to connect

Question 8

netstat -an

Answer 8

all connections and listening port in numerical order

Question 9

netstat -b

Answer 9

all active connections and processes or applications that are using them

Question 10

Boot Sector Virus

Answer 10

aka system virus- moves the boot sector to another location forcing virus to be executed first.

Question 11

Shell Virus

Answer 11

Wraps around application code running itself before the app in run

Question 12

Cluster Virus

Answer 12

Modifies directory table entries so that user or system processes are pointed to the virus code instead of action or app intended.

Question 13

Multipartite Virus

Answer 13

infect both boot sector and files at same time. Has multiple infection vectors

Question 14

Macro virus

Answer 14

Usually in VBA infects MS office template files (excel or word) Melissa was an example

Question 15

Polymorphic Virus

Answer 15

Mutates code using built in polymorphic engine

Question 16

Encryption Virus

Answer 16

Uses encryption to hide

Question 17

Metamorphic Virus

Answer 17

rewrites itself every time it infects new file

Question 18

Stealth Virus

Answer 18

Also tunneling virus intercepts AV’s requests to the OS and alters them and returns them to the AV as uninfected.

Question 19

Cavity Virus

Answer 19

Overwrites portions of the host file so as not to increase it’s size. It does this using the Nullcontent sections and leaves the functionality in tact

Question 20

Sparse Infector Virus

Answer 20

only infects occasionally. perhaps every 10th time the app is launched

Question 21

File extension Virus

Answer 21

changes the the file extension of files.

Question 22

Fragmentation attack

Answer 22

DOS systems inability to handle fragmented packets

Question 23

Volumetric attack

Answer 23

DOS Consume all of the available bandwidth for the system or service

Question 24

TCP state exhaustion attack

Answer 24

DOS trys to consume the connection state tables of load balancers, firewall, app servers

Question 25

Syn attack/ syn flood

Answer 25

DOS thousands of syn packets but never responds to the syn/ack

Question 26

Syn Flood

Answer 26

DOS thousands of syn packets but never responds to the syn/ack

Question 27

ICMP/ ping Flood

Answer 27

DOS ICMP packet with fake address eventually reaches limit of packets per second PPS

Question 28

Smurf attack

Answer 28

DOS sends large number of pings to the broadcast address of network from spoofed address of target machine.

Question 29

Ping of death

Answer 29

DOS send ping in fragments that when assembled are is larger than max and crashes system

Question 30

Phlashing

Answer 30

DOS that causes permanent damage to a system. Bricking

Question 31

RUDY

Answer 31

DOS uses HTTP POST Via long form field submissions