Answer To: Describe a malware attack that causes the victim to receive physical advertisement. P.219 Question...
Robert answered on Dec 23 2021
P.217 Question C-4.2
Describe a malware attack that causes the victim to receive physical advertisement.
Solution:
These malware programs often change browser settings, alter system files and create new default Web pages. Typically, infected systems are plagued with new tool bars and a constant barrage of popup ads. Scores of useless and annoying Web sites can be added to your "favorites" folders without you having selected them!
Typically, malware will also collect personal information from users' systems regarding their Web activities, transferring it to advertising and data-research companies. These companies determine the Web sites that users frequent and employ the information to tailor the ads they send to individual users as email attachments or as physical advertisements.
A malware author may intend to attack only a few organizations, seeking crucial financial data or banking credentials, and carefully preparing the attack with up-front research and reconnaissance. They may launch an attack with a spoofed email containing an infected document attachment crafted to tempt specific recipients.
Several malware programs even regularly update their own program codes on infected computers. Popup and popunder ads are another great nuisance originated by adware, but more importantly, malware also causes computers to perform poorly. Frequently, infected systems freeze up or crash.
For example, a financial decision-maker might receive an infected spreadsheet promising quarterly sales data. If the targeted person opens the infected document without it being flagged and the malware is installed, it may sit quietly until a user logs onto the company’s online banking site. At this point, the malware may steal credentials through keystroke logging or by intercepting the second authentication factor in a two-factor authentication system. The attacker then can use the login for a future attack.
The most common way for malware to work its way into your system is to piggyback on a free program that is downloaded from the Internet. Most users click on an "I agree" or "I accept" button without reading the long and complex license agreement that expresses consent to place the malware onto their systems.
These days, most users have been warned about not clicking into unknown attachments or accepting downloaded programs. Unfortunately, at this point, a "wrong click" is not all you have to be worried about. More sophisticated malware programs are now employing the so-called "drive-by downloads." All you have to do to become infected with malware these days is visit a popular and presumably safe Web site, where malware can automatically latch onto your system and thus their advertisements are popped up.
P.219 Question C-4.9
Suppose that a metamorphic virus, DoomShift, is 99% useless bytes and 1% useful bytes. Unfortunately, DoomShift has infected the Login program on your Unix system and increased its size from 54K bytes to 1054K bytes; hence, 1,000K bytes of the login program now consists of the DoomShift virus. Barb has a cleanup program, DoomSweep, that is able to prune away the useless bytes of the DoomShift virus, so that in any infected file it will consist of 98% useless bytes and 2% useful bytes. If you apply DoomSweep to the infected login program, what will be its new size?
Solution:
The login program size is 54K bytes.
Therefore the size of the virus code is 1000K bytes, of which 99%, i.e. 0.99 × 1000K = 990K bytes, is useless and only the remaining 1000K − 990K = 10K bytes are useful.
When the cleanup program DoomSweep is run, it prunes away the useless bytes of the virus code so that it contains 98% useless bytes and 2% useful bytes.
This implies that the 10K useful bytes now form 2% of the virus code, i.e., the total size of the virus code = 10K / 0.02 = 500K bytes (of which 500K − 10K = 490K are useless bytes).
P.266 Question C-5.11
Show how to defend against the DOS attack of Exercise C5-10.
5.10 You are the system administrator for a provider that owns a large network (e.g., at least 64,000 IP addresses). Show how you can use SYN cookies to perform a DOS attack on a web server.
Solution:
Denial-of-service (often abbreviated as DoS) is a class of attacks in which an attacker attempts to prevent legitimate users from accessing an Internet service, such as a web site. This can be done by exercising a...