What operating system and browser version were in use by Vick at the time of the attack?

Refer to the case file “evidence-malware.pcap” in the CH12-Malware folder and answer the following questions.

1. What operating system and browser version were in use by Vick at the time of the attack?


2. Vick’s initial HTTP request is missing a Referer header. What could this indicate about the source of the attack?

3. What was the full URL (including port) of the GIF file that was requested by the victim’s browser?

4. Which of the following was the delivery mechanism for the Internet Explorer exploit?

(A) A backdoored GIF file

(B) JavaScript code

(C) A Windows executable

(D) An infected PHP module

5. What was the timestamp of the initial port 4444 connection (initial SYN packet)?

6. What type of file was downloaded via the port 4444 connection? What was the likely purpose of this file?

7. The Windows executable file that was downloaded contains a function that calls for an HTTP GET request. What are the contents of this GET request?

8. What is the MD5 checksum of the malicious Windows executable file?

9. Vick’s computer makes several failed connection attempts to the malicious server on port 4445. Approximately how often does the source port change during these connection attempts?

10. What is the CVE number of the Internet Explorer exploit used in this attack?
