Exam SY0-501 topic 1 question 536 discussion

I am inclined to go with the provided answer. Key statement in the question is: "The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack." If the compromised device is reaching out to a website that was recently brought down because of an internet attack, does that not sound like a DDoS? Which would tell me the camera was infected by a bot.

Hooray, yet another bad question. Loving the guy who said 'it's not a backdoor' and called everybody retards.... rookie. I hack systems for love and money (HR are forcing me to complete this silly exam) and quite frankly, all the provided answers are valid. This usually means we need to identify some key aspect of what is happening in the questions scenario in order to get the best answer. For the attack, a Trojan is valid, but since the owner of the hardware probably didn't download and accidentally install anything on the device, it probably wasn't a Trojan in this case. Though this isn't entirely unfeasible. Could there be a backdoor. Absolutely yes. I might plant one so that I can attack again from the same location. Also, if there is a backdoor, this might be a RAT, which is why the writer of this question needs to be slapped. I will stick with the provided answer (A), since a common type of attack these days is to launch multiple IoT (the linux device) bots against a single target in order to overwhelm it. For an exam that allows under a minute per question, this one is idiotic and I'd sure like to question the writer as to his motives/reasoning. As really, any of the answers could allow the attack to take place.

A. The camera system is infected with a bot. ----> It has become a zombied member of a botnet that is participating in a DOS attack ON---->website that was recently featured on the news as being taken offline by an Internet attack.

How is this even possible to be "D"? This is A for sure, the attack made server offline - infected by bot

Camera behaves like bot and part of a botnet. It does send traffic to website which recently was taken down by DDoS as it seems. To me Only possible is A despite shitty wording in the answer.

correct key word " describes what is happening"

The case mentioned in the question is the same case with Mirai Botnet. I will not go into details about what happened but here is a good link for those who wonder: https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html The thing here, almost all the articles about the case calls Mirai as a malware and it's %100 true definition. Just for simplifying the case i'm rewriting what happened: Individiual components (IoTs mostly) infected via Mirai malware and turned into bots to be part of Mirai Botnet.

Typically, an attacker will compromise one or two machines to use as handlers, masters, or herders. The handlers are used to compromise hundreds or thousands or millions of zombie (agent) PCs with DoS tools (bots) forming a botnet. To compromise a computer, the attacker must install a backdoor application that gives them access to the PC. They can then use the backdoor application to install DoS software and trigger the zombies to launch the attack at the same time.

Again, you cannot infect a system with a BOT. A bot is an infected system used in botnets to launch DDoS. RAT (Remote Access Trojan) is a type of infection that provides the means to access a remote system an run commands on it. RATs are used to create bots.

The malware (mirai) was the tool to place the bot software on the camera. Therefore A. The camera system is infected with a bot. Mirai (Japanese: 未来, lit. 'future') is a malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. https://en.wikipedia.org/wiki/Mirai_(malware)

The Bot has been used to recruit as many hosts as possible to create a DDOS attack which is why the website is down.

We infect systems with malware, viruses or worms. Hence: A) You infect a system with malware and it becomes a bot. A bot isn't an infection. B) If you infect a system with a RAT then you can turn it into a bot. C) This answer is too generic. D) A backdoor is either left by the developer or an attacker can install a backdoor after compromising the system. You cannot infect a system with a backdoor. So based on the fact that B provides the only means of infecting a system with malware such that it can become a bot, I chose it as my answer.

Yeah, I agree. "D" should be a correct answer.

Correct answer, D. The camera system is infected with a backdoor. Trust me with this!