427 Botnet fm qxd

Q: 
What is one of the most common methods bots use to spread and infect
new systems?
A: 
All the major bot families target insecure or poorly secured network
shares.Typically, the bot contains a list of common usernames and pass-
words to attempt, as well as some capability to seek out usernames and
passwords found on the target system.
Q: 
How do bots typically ensure that they continue running?
A: 
Bots generally modify the Windows registry to add values to registry keys
to make sure that the bot software is automatically started each time
Windows starts.
Q: 
What unique method of propagation was introduced by the Agobot
family?
A: 
The Agobot family of bots (also known as Gaobot or Phatbot) uses P2P
networking as a unique method of spreading to new systems.
Q: 
Which bot family pioneered the use of encryption algorithms to protect
the code from being reverse-engineered or analyzed?
A: 
The RBot family uses one or more runtime executable packing utilities
such as Morphine, UPX, ASPack, PESpin, EZIP, PEShield, PECompact,
FSG, EXEStealth, PEX, MoleBox, or Petite to encrypt the bot code.
Q: 
What is unique about the Spybot family of bots?
A: 
Spybot is based on SDBot but adds spyware capabilities such as keystroke
logging and data theft or password stealing.
www.syngress.com
Common Botnets • Chapter 4
131
Frequently Asked Questions
The following Frequently Asked Questions, answered by the authors of this
book, are designed to both measure your understanding of the concepts pre-
sented in this chapter and to assist you with real-life implementation of these
concepts. To have your questions about this chapter answered by the author,
browse to 

Download 6,98 Mb.

Do'stlaringiz bilan baham: