Definitions - Benign
Definitions - Malicious
Definitions - Benign (Severe)
Grayware
Hodgepodge
100

The category we would use for a website offering shipping and mailing services.

A) Travel

B) Financial-services

C) Business-and-economy

B) Business-and-Economy

100

Which 2 categories can we NOT use without the malware team's approval?

A) Malware and hacking

B) Extremism and malware

C) Command-and-control and malware

C) Command-and-control and malware

100

If you receive a URL that displays a parked page with sexually explicit images, what category would be most appropriate?

Adult!

Remember we always choose parked UNLESS there is adult CONTENT - not words - displayed (adult), or if the domain name is typosquatting a legitimate page (grayware).

100

Name as many of the 10 grayware tags as you can (10 points each).

TRIPLE if you can name them all!

1. Illegal-activity

2. Rogueware-adware

3. Typosquatting

4. Scam

5. Random-redirections

6. Hacked-site

7. Youtube-download

8. Infected-drive-by-download

9. Chrome-red-page-except-deceptive-site

10. http-and-https-different-content

100

What is a CR?

A Change Request...

...Submitted by the customer that gets sent to EMC for editors' review.

200

The category we would use for a website offering sushi takeout.

A) Society

B) Hunting-and-fishing

C) Travel

A) society

200

You receive a URL that the customer suggests as "malware".  You take it to your remote machine and plug it into VirusTotal to be scanned.

Name 1 of the 2 ways we determine that we need to submit this to the malware team.

DOUBLE if you can name both!

1. 3 or more VirusTotal hits from ANY vendor

2. AT LEAST 1 VirusTotal hit from a TRUSTED Vendor

200

You receive a URL that, upon launch, displays a blog. As you look further, you see users posting discriminatory text and images, and decide this site should be labelled "extremism".

What should you do?

A) Ask fellow expert editors for confirmation, if they are around.

B) Classify as extremism when you receive confirmation.

C) If they are not online on Slack, send an email to Hector, Bahman, Fatemeh, and Maggie with the URL and screenshots of evidence, and choose "forward-to-expert".

D) All of the above


D) All of the above!

200

What is the Red Page we do NOT use to classify as grayware?

A) The site ahead contains harmful programs

B) Deceptive site ahead

C) The site ahead contains malware

DOUBLE the points if you can name the category it's actually associated with.

B) Deceptive Site Ahead!

DOUBLE: Phishing!

200

You receive the URL mybusiness.com. When you launch the page, you notice on the homepage the text "This site has been hacked! Mwahaha."

What is the appropriate category for mybusiness.com?

A) Business-and-economy

B) Grayware

C) Malware

D) Hacking

B) grayware -> hacked site

300

The category we would use for a website offering free wallpaper (and there are no payment options/plans).

A) Content-delivery-network

B) Shareware-and-freeware

C) Web-hosting

B) shareware-and-freeware

300

TRUE OR FALSE: Extremism is a malicious category.

FALSE!

It's a "severe" category, but not one of the 5 malicious categories.

300

You receive a URL that displays a camping website. There's a section for hiking trails, a blog section, a map, and a small section for shopping for hunting knives.

TRUE/FALSE: The small portion of the site that sells knives is good enough to categorize the entire domain as "weapons + shopping".

FALSE!

Remember, according to our definitions - if the website is not predominantly about selling firearms, classify it as hunting-and-fishing.

300

You receive the URL 50Company.xyz. Upon launching it, you notice it redirects to wikipedia.com.  You launch 50Company.xyz a second time and notice it now redirects to Facebook.com. After researching this domain a bit more, you determine that this is a case of grayware.

What is the appropriate grayware tag to use?

A) http and https different content

B) typosquatting

C) random redirections

C) random-redirections

300

What is the difference between a cloud category and a suggested category?

The suggested category is the category that the customer is suggesting the original URL should be.

The cloud category is the preserved URL's current category, thus the category that the original URL inherits.

400

You receive a URL that shows a soft404.  When doing your research you see on WhoIs that the owner of the site is HempAmerica. You Google "What is the company HempAmerica" and see that they are an agricultural company specializing in growing hemp and marijuana.

What are the two categories you would use to classify this domain? WARNING: The order of primary and secondary categories matters!

A) Primary: Health-and-medicine ; Secondary: abused-drugs

B) Primary: Abused-drugs ; Secondary: Shopping

C) Primary: Abused-drugs ; Secondary: Health-and-medicine

C) Primary: Abused-drugs ; Secondary: Health-and-medicine (NO 50/50 checkbox)

400

TRUE OR FALSE: We cannot make IP addresses (without a path) a malicious category.

TRUE! 

An IP without a path (e.g. 192.168.255.255, as opposed to 192.168.255.255/path/example.html) cannot be a malicious category. If we block an IP address as malicious, we're potentially blocking all domains hosted on this IP as well!

400

TRUE/FALSE: A URL for a casino that allows gambling on its website should be classified as "gambling" and not "travel".

TRUE!

If there is any gambling on the website, it should be classified as gambling.

400

You receive the URL cookiemonster.com. Upon launch, you see that this redirects to Twitter.com.  You launch it again and it still redirects to Twitter.com.  However, you launch the same URL with the https protocol - https://cookiemonster.com - and see that this redirects to Instagram.com! After further research you determine this is grayware.

What is the appropriate grayware tag for this case?

A) http and https different content

B) typosquatting

C) random redirections

A) http-and-https-different-content

400

What is the difference between the Original URL and the Preserved URL?

The Original URL is the URL the customer directly submits on Test-A-Site for review.

The Preserved URL is the closest parent we have categorized in our database.

Remember - Sometimes the Original URL is in fact in our database, so the Preserved URL will be an exact match!

500

Name 5 of the 9 categories that can have "shopping" added as a secondary category.

DOUBLE if you can name all 9!

What is

1. Adult

2. Health-and-medicine

3. Home-and-garden

4. Hunting-and-fishing

5. Motor-vehicles

6. Music

7. Religion

8. Swimsuits-and-intimate-apparel

9. Weapons

500

Name 3 of the 5 malicious categories.

DOUBLE if you can name all 5!

What is:

1. Phishing

2. Malware

3. Grayware

4. Command-and-Control

5. Hacking

500

Name 6 of the 11 severe categories (HINT: Severe categories include the 5 MALICIOUS categories!)

What is

1. Phishing

2. Malware

3. Grayware

4. Command-and-control

5. Hacking

6. Adult

7. Abused-drugs

8. Alcohol-and-tobacco

9. Extremism

10. Gambling

11. Weapons

500

In this imaginary scenario, we receive the following CR in EMC:

Original URL: offic3.com

Customer Suggests The Category: malware

Cloud (Current) Category: unknown

There is no content shown on the domain, nor on any of its child domains. You check WhoIs.com and under registrant info, you see the owner is Microsoft.

Name the correct category you would choose.

What is computer-and-internet-info

This wouldn't be grayware because Microsoft owns this! In this imaginary scenario, Microsoft is "defensive squatting" office.com.

500

You receive a URL that displays the error: "Unable to determine IP address".  After further research and asking other team members, no other evidence of ownership/function of the site is found.

What is the correct "category" for this case?

A) Insufficient-content

B) No-Access

C) Private-IP-Addresses

B) No-Access
