Worksheet 08: Malware
Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single PDF document. Be sure to properly label each question.
-
What is a virus?
Solution:
A computer virus is a program that can infect other programs or files by modifying them to include a possibly evolved copy of itself.
-
How do worms differ from viruses?
Solution:
- Worms propagate automatically, potentially without user interaction
- Worms spread across machines and over networks
- Worms are more likely to exploit software vulnerabilities rather than software features
-
Read the Wikipedia article on the Blaster Worm. Describe its attack vector, how it self-propagated, and what it did.
Solution:
Blaster propagated via a buffer overflow in the DCOM RPC service. It self-propagated by spamming other IP addresses via the RPC service, exploiting them, and then installing itself on that system. Once installed, it initiated a denial of service attack against Microsoft update. It ensured it ran at startup by adding a command to the Windows registry.
-
Once a machine is infected, an attacker may install a backdoor. What is a backdoor?
Solution:
It’s a mechanism that allows an attacker to access a system while bypassing the normal access controls. For example, this could be opening a new port on the system that allows incoming connections.
-
What are keyloggers?
Solution:
Keyloggers are programs installed on victim machines that log all keystrokes. The idea behind them is to capture any passwords or other sensitive information that could be used for profit, or to infect other machines.
-
Read the Wikipedia article about the Sony Rootkit. What was the purpose of the rootkit, and what made it a rootkit, as opposed to a benign program?
Solution:
The purpose of the rootkit was for Sony to try to determine if users were stealing music from the CDs they purchased and then uploading it to music sharing websites. What made it a rootkit is that it was installed without user knowledge and attempted to hide itself. It also didn’t come with an uninstaller. It also included other vulnerable software that could be exploited by other attackers.
-
What is ransomware and what exactly is being ransomed?
Solution:
Ransomware is a form of malware that, once installed, encrypts all the core files on the system using strong encryption, making them functionally unavailable. The attacker then ransoms the decryption key back to the owner of the files.
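To make the mechanism concrete from the defender's side, here is an added example (not part of the worksheet) of one detection heuristic: measuring the Shannon entropy of file contents, since files rewritten by strong encryption look like random bytes, and alerting when a large share of a directory suddenly looks that way. The sample files, the 7.5-bit threshold and the 50% alert ratio are constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List

# Shannon entropy in bits per byte. Text and config files usually score well
# under 6; ciphertext (and, caveat, compressed data such as zip/jpeg) is near 8.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

ENTROPY_THRESHOLD = 7.5   # assumed cut-off; tune against a baseline of your own files
ALERT_RATIO = 0.5         # assumed: alert when half or more of the scanned files look encrypted

def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

# Scan a mapping of file name -> contents and report which ones look encrypted.
# A single high-entropy file is normal (archives, images); many at once is the signal.
def scan_files(files: Dict[str, bytes]) -> dict:
    suspicious: List[str] = sorted(n for n, d in files.items() if looks_encrypted(d))
    ratio = len(suspicious) / len(files) if files else 0.0
    return {"suspicious": suspicious, "ratio": ratio, "alert": ratio >= ALERT_RATIO}

# Deterministic stand-in for ciphertext: a chain of SHA-256 digests (4096 bytes).
def pseudo_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))

# Constructed sample corpus: two ordinary files and two that have been "locked".
SAMPLE_FILES = {
    "notes.txt": b"Quarterly report: revenue up 4%, costs flat. " * 40,
    "config.ini": b"[db]\nhost=localhost\nport=5432\nuser=app\n" * 30,
    "report.docx.locked": pseudo_ciphertext(b"report"),
    "photos.zip.locked": pseudo_ciphertext(b"photos"),
}

if __name__ == "__main__":
    result = scan_files(SAMPLE_FILES)
    for name, data in SAMPLE_FILES.items():
        print(f"{name:22s} entropy={shannon_entropy(data):.2f}")
    print("suspicious:", result["suspicious"], "alert:", result["alert"])
```

In practice the scan runs periodically over real directories and compares against a per-file-type baseline, since a folder of archives will legitimately score high on every run.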
-
Listen to The Journal’s podcast on ransomware attacks on hospitals in 2021 and the one about MGM Casinos from 2024 about the dilemmas of paying ransoms.
In your opinion, is it better to pay or rebuild your systems? What are the benefits of each?
Solution:
Paying:
- Get data back
- May actually cost less
- BUT it doesn’t mean the attackers haven’t left a backdoor into your system to exploit you again.
Rebuilding:
- Need to have backups
- Could take a lot of time, and may actually cost more
- Building from scratch means you could secure your network and redesign from the ground up
-
What is a botnet? And what particularly bad thing could they be used for?
Solution:
A botnet is a collection of infected machines under a centralized control. They can be particularly powerful for a number of nefarious tasks, most of all, performing distributed denial of service attacks.
-
Read the Wikipedia article about the Storm Botnet. How large was it at its height? And what was its primary function?
Solution:
50 million computers and it was mostly used to send spam emails, as well as denial of service.
-
A common social engineering attack involves spearphishing. Read the following article about John Podesta’s email leak from 2016 and listen to the following ReplyAll podcast #97 What Kind Of Idiot Gets Phished?
If you were giving advice to someone, what is one way to avoid this kind of attack?
Solution:
If you get an email you don’t trust, try going to the original site directly, not clicking on any links on the email. If you’re being targeted specifically, try reaching out to that person through different means.