assignment 02 botnet

The spreading mechanisms used by bots is a leading cause for "background noise" on the Internet, especially on TCP ports 445 and _____.

135

What port number has a MySQL UDF weakness?

3306

Types of DDoS flood attacks.

Connection flood, SYN flood, ICMP flood

Flooding a website with more HTTP Request than can handled from many different controlled sites is called

DDoS

Most botnets run on _____.

IRC

The _____ botnet is currently used as a clickbot, generating ad revenue for the botmaster through constant ad-specific activity.

Tr/dldr.agent.jkh

Formerly used for spamming, this botnet has shifted to downloading other malware, with its main focus on fake alerts and rogue antivirus software.

Trojan.fakeavalert

Kinds of attacks that can be launched from a botnet.

all of them

Ways in which a hacker can spread his bot code.

all of them

The controller of a botnet is called the _____.

bot herder

Aka Downadup.

conficker

The Honeynet Project IRC client is called _____.

drone

Related to Foonet which was used a DDoS.

echouafni

Recursive HTTP-flood is also know as spoofing.

false

Three different IRC servers software implementation are commonly used to run a botnet.

false

This crimeware focuses on stealing online game logins, passwords and account information.

gammima

The action of obtaining a bot army is called _____.

harvesting

A method used to observe botnets.

honeynets

_____ is a form of real-time communication over the Internet and the way botnets communicate.

internet relay chat

A bot herder can use a ____ to record all activity on an infected computer.

keylogger

The botnet used to maximize pay-per-click revenue.

koobface

Port 135/TCP is used by _____ to implement Remote Procedure Call (RPC) services

microsoft

_____ is a malware and attack trace collection daemon, uniting the best of honeytrap and nepenthes

mwcollectd

To learn about a victim's machine the bot herder uses the _____ command.

netinfo

A lot of herders run Window mIRC with a tool called _____.

nonamescript

What is the name of the .exe file created in the first video on botnets.

r

A command that allows a bot herder to remotely log in to a server in the network as if they were at a terminal directly connected to that computer.

rlogin

What is the name of the bot herder in the watchguard videos.

spike

A variant of the Lop malware.

swizzor

On average, the expected lifespan of the honeypot is less than _____.

ten minutes

Bot herders protect their botnets by making sure they only obey commands that start with particular prefix.

true

Bot source code always includes a configuration file.

true

Bots can also use a packet sniffer to watch for interesting clear-text data passing by a compromised machine.

true

DDoS attacks are not limited to web servers, virtually any service available on the Internet can be the target of such an attack.

true

Some successful botnet attackers have even sold some of the stolen software items on eBay.

true

_____ is cross-platform and can thus be used to easily link machines running Windows and Linux.

unreal ircd

The name of the botnet that Microsoft successfully attacked.

waledac

This botnet uses key-logging techniques to steal data including by inserting fake HTML forms into online banking login pages to steal user data.

zeus

Another name for the collection of hijacked computers that are a part of a botnet.

zombies