malicious software

Question 1

what is a botnet

Answer 1

a network of compromised machines acting as a network

• responsible for things such as large scale network probing
• launching ddos
• spam
• click-fraud campaigns
• info theft

Question 2

what is a trojan horse

Answer 2

a program appearing as a regular program but hides malicious activity;

Question 3

what is a webroot

Answer 3

a dll based attack; spreads via drive by downloads; sophisticated rootkit

Question 4

what was the torpig botnet

Answer 4

it was a combination of a mebroot and a trojan horse that was distributed bia mebroot via drive by downloads and a sophisticated rootkit.

It injected into 29 software platforms to steal sensitive information, used http injection for phishing, encrypted http as command and control protocol, and used a resilient approach “domain flux”; to contact command and control center

Question 5

how do you go about in beggining to understand and contain malicious software

Answer 5

Principle 1: the hijacked botnet should be operated so that any harm
and/or damage to victims and targets of attacks would be minimized
Always responded with okn message
Never sent new/blank conguration le
Principle 2: the sinkholed botnet should collect enough information to
enable notication and remediation of aected parties
Worked with law enforcement (FBI and DoD Cybercrime units)
Worked with bank security ocers
Worked with ISPs

Question 6

what is a sinkholed botnet

Answer 6

a bot net that is controlled by “good guys”

Question 7

where do most malicipous threats start

Answer 7

the web

Question 8

a malicious webpage does what to gain arbitraty code execution

Answer 8

leverage of a defect

Question 9

what is malicious software

Answer 9

(Malware) refers to any unwanted software and executable code that is used
to perform an unauthorized, often harmful, action on a computing device. It
is an umbrella-term for various types of harmful software, including viruses,
worms, Trojans, rootkits, and botnets.

Question 10

which two malicious software are self spreading

Answer 10

virus/worm

Question 11

which five malicious software are non-spreadomg

Answer 11

root-kit, trojan horse, dialer, spyware, keylogger

Question 12

which 3 malicious software require a host

Answer 12

virus, root-kit and

Question 13

which 4 malicious software do not require a host

Answer 13

trojan, dialer, spyware, keylogger

Question 14

what is a virus

Answer 14

Self-replicating
Needs a host to infect
Boot (Brain virus), overwrite, parasitic, cavity, entry point obfuscation,
code integration (W95/Zmist virus)

Question 15

whats a worm

Answer 15

Self-replicating, spreads (autonomously) over network
Exploits vulnerabilities aecting a large number of hosts
Sends itself via email
e.g., Internet worm, Netsky, Sobig, Code Red, Blaster, Slammer

Question 16

whats atrojan

Answer 16

Malicious program disguised as a legitimate software

Many dierent malicious actions

Question 17

whats a rootkit

Answer 17

Used to keep access to a compromised system
Usually hides les, processes, network connections
User- and kernel-level