Question 3 An audit of the PCs in a small company's offices identifies a machine with a piece of malware running on it.
- Site Admin
Question 3

An audit of the PCs in a small company's offices identifies a machine with a piece of malware running on it. Analysis indicates that the malware has recruited the machine to be part of a botnet. Machines in this botnet can be commanded remotely by the attacker.

(a) Discuss two different ways in which the malware could have ended up on the PC. Give a plausible explanation why the malware might have been able to avoid detection by anti-virus software running on the PC. [6 marks]

(b) The malware shows up in process listings as a process that you would normally expect to see running on this OS. The corresponding executable file has the same name as a legitimate tool available for that OS. Given these facts, discuss two different ways in which the malware may have aroused the analyst's suspicions. [6 marks]

(c) The analyst suggests that providing digital signatures for all executable files on the PC would be a good way of defending against malware-based attacks. Explain briefly how this would work. In your explanation, identify the conditions necessary for this technique to protect the system successfully. [4 marks]

(d) Discuss how the attacker responsible for the malware might use their botnet to conduct a DDoS attack on a victim. Include in your discussion an explanation of why firewalls on the company's network or the malware-infected PC itself might be unable to prevent the PC from being commanded to participate in the DDoS. [4 marks]

[Question 3 total: 20 marks]