CS 6262 - L3 Cybercrime

Which roles operate within the cybercrime ecosystem? A-Exploit developers B-Botnet masters C-Legitimate banks D-Spammers

A, B, D

Which activities are commonly handled by botnet masters? A-Managing compromised hosts B-Sending spam manually C-Running command-and-control servers D-Selling botnet access

A, C, D

Which services do bulletproof hosting providers typically offer? A-Ignoring abuse complaints B-Hosting malicious content C-Immediate takedowns of illegal sites D-Resisting law enforcement pressure

A, B, D

Which tasks are commonly outsourced in cybercrime operations? A-Traffic acquisition B-Exploit development C-Infrastructure hosting D-Legitimate advertising

A, B, C

Which actors participate in monetizing stolen financial data? A-Carders B-Money mules C-Exploit developers D-Payment processors in underground markets

A, B, D

Which characteristics define crowdturfers? A-Creating fake accounts B-Solving CAPTCHAs at scale C-Running DDoS attacks D-Automated human-like interactions

A, B, D

Underground forums commonly include which elements? A-Reputation systems B-Marketplace listings C-Formal government contracting D-Escrow services

A, B, D

Why are Exploits-as-a-Service effective? A-They allow specialization of roles B-They couple compromise and monetization tightly C-They lower entry barriers for attackers D-They automate exploitation

A, C, D

Traffic-PPI services generally include which features? A-Traffic redirection B-Exploit kit hosting C-Fraud chargeback processing D-Affiliate-based distribution

A, B, D

Doorway pages typically demonstrate which behaviors? A-Keyword stuffing B-Redirecting users C-Avoiding search engine manipulation D-Being used for blackhat SEO

A, B, D

Crypters provide which functions for malware? A-Hiding code from antivirus systems B-Packing and encryption C-Increasing malware detectability D-Obfuscation

A, B, D

Blackhat SEO relies on which techniques? A-Search result manipulation B-Traffic generation for malicious sites C-Using only legitimate optimization D-Compromising high-ranking sites

A, B, D

Trojan download managers perform which actions? A-Download malware B-Update malware payloads C-Remove all malicious software D-Execute new installation modules

A, B, D

Which weaknesses apply to centralized C2 systems? A-Single point of failure B-Easy to locate and block C-Fully anonymous by default D-Efficient control but fragile

A, B, D

P2P C2 infrastructures provide which advantages? A-Higher resilience B-Decentralization C-More predictable command delivery D-Harder to shut down

A, B, D

Which features describe fast-flux DNS operations? A-Rapidly changing IP addresses B-Load distribution across many bots C-Static DNS records D-Increased takedown resistance

A, B, D

Domain generation algorithms (DGAs) provide which benefits to botnets? A-Large sets of possible domains B-Harder domain blocking C-Guaranteed domain availability D-Ability to evade simple blacklists

A, B, D

Spam campaigns typically exhibit which characteristics? A-Mass sending B-Inappropriate or unsolicited content C-High explicit consent rates D-Botnet-assisted distribution

A, B, D

Spam affiliate programs commonly offer which compensation methods? A-Revenue sharing B-Per-sale commissions C-Guaranteed minimum monthly income D-Affiliate tracking systems

A, B, D

Pharma spam research found which trends? A-Low conversion rates B-Highly skewed affiliate productivity C-High legitimacy of products D-Global participation in purchases

A, B, D

Challenges for scam operations often include which factors? A-Payment processing constraints B-Traffic acquisition problems C-Excessive law enforcement support D-Maintaining infrastructure availability

A, B, D

Which behaviors characterize fraudulent payment operations? A-Use of money mules B-Use of stolen credit cards C-Full compliance with banking regulations D-Bypassing chargebacks

A, B, D

Which elements are part of cybercrime supply chains? A-Exploit kits B-Traffic sellers C-Academic peer review D-Bulletproof hosts

A, B, D

Cybercriminal monetization strategies often rely on: A-Affiliate programs B-Automation tools C-Transparent corporate reporting D-Stolen financial credentials

A, B, D

Which components contribute to resilience of cybercrime infrastructure? A-Distributed C2 B-Fast-flux networks C-Frequent domain rotation D-Exclusive use of a single server

A, B, C

Which actor develops exploits and sells them for profit? A-Botnet masters B-Exploit developers C-Spammers D-Mules

B

Botnet masters primarily: A-Sell credit card numbers B-Create and control compromised machines C-Process stolen payments D-Solve CAPTCHAs

B

Spammers typically: A-Use botnets to send bulk email B-Develop exploits C-Provide bulletproof hosting D-Create payment systems

A

Phishers rely on spammers to: A-Send stolen credit cards B-Send URLs to scam sites C-Deliver counterfeit goods D-Provide infrastructure

B

Bulletproof hosting providers: A-Operate in highly regulated regions B-Shut down sites quickly C-Ignore complaints and law enforcement D-Only host legitimate sites

C

Carders and mules mainly: A-Send spam B-Develop malware C-Turn stolen accounts into cash D-Operate DNS servers

C

Crowdturfers specialize in: A-Domain registration B-Creating fake accounts and solving CAPTCHAs C-DNS fast-flux D-Botnet C2

B

Underground forums are primarily used for: A-Legitimate e-commerce B-Advertising illicit goods and services C-Government communication D-Academic research

B

In Exploits-as-a-Service, compromise and monetization are: A-Coupled B-Decoupled C-Identical D-Not related

B

Traffic-PPI services bundle: A-Exploit hosting and payment B-Traffic acquisition and exploit hosting C-Botnet rental and spam D-Domain registration and DNS

B

A doorway page is: A-A malware packer B-A page with keyword stuffing that redirects users C-A spam filter D-A payment processor

B

A crypter is used to: A-Encrypt DNS records B-Hide malware from antivirus detection C-Boost SEO rankings D-Manage botnets

B

Blackhat SEO aims to: A-Decrease traffic B-Increase traffic using manipulation C-Perform encryption D-Shut down scam sites

B

Trojan Download Managers: A-Block user updates B-Install or update malware on victims C-Detect phishing D-Repair infected hosts

B

Centralized C2 is efficient but vulnerable due to: A-High cost B-Slow communication C-Single point of failure D-No DNS support

C

Peer-to-peer C2 improves robustness at the cost of: A-More synchronized control B-More reliable commands C-Less predictable command distribution D-Direct IRC usage

C

Fast-flux DNS helps botnets by: A-Using one static IP B-Rapidly rotating IPs C-Blocking DNS queries D-Using only IPv6

B

Random domain generation gives bots: A-Access to public domains B-A large set of algorithmically generated domains C-Only one domain to query D-Guaranteed stability

B

Two defining features of spam are: A-Encrypted and targeted B-Inappropriate and mass sent C-Signed and verified D-Always malware-bearing

B

Spam affiliate programs pay spammers: A-Nothing B-Flat fees only C-30–50% commissions D-Per-byte fees

C

Storm botnet research showed spam filter bypass rate of about: A-50% B-10% C-1% D-0.014%

D

Top countries adding items to cart from spam were: A-China, Russia, India B-US, Canada, Philippines C-Brazil, UK, Germany D-Japan, Mexico, Spain

B

A key weakness in scam operations is: A-Traffic acquisition B-Financial services/payment processing C-Botnet size D-Malware packers

B

Pharmaleaks data revealed affiliates: A-Are evenly productive B-Have skewed revenue distribution C-Never earn money D-Are impossible to track

B

Net profits for pharma scams are typically: A-Huge, >80% B-Moderate, under 20% C-Zero D-Unknown

B