Chapter 1 - Trojans and Backdoors

Question 1

backdoor

Answer 1

The entrance to a network that bypasses normal authentication and security procedures.

Question 2

client-server network model

Answer 2

The model that defines communication interactions between individual client computers and servers.

Question 3

covert channel

Answer 3

Illegal, hidden path used to transfer data from a network.

Question 4

Internet Control Message Protocol (ICMP)

Answer 4

A connectionless protocol that is generally used to provide error messages to unicast addresses

Question 5

ICMP tunneling

Answer 5

Utilization of the ICMP to bypass filtering by network devices.

Question 6

Internet Relay Chat (IRC)

Answer 6

A form of instant text-based communication carried out over the internet.

Question 7

keylogger

Answer 7

Hardware or software that records the keystrokes or mouse movements entered into a computer.

Question 8

overt channel

Answer 8

Legal, secure channels for transferrign information and data within a network.

Question 9

Post Office Protocol version 3 (POP3)

Answer 9

An e-mail transfer protocol for downloading e-mail from a POP server, using port 110.

Question 10

Transmission Control Protocol (TCP)

Answer 10

A protocol that defines and regulates the method of data transmission between computers

Question 11

Trojan horse

Answer 11

A program in which malicious or harmful code is contained inside apparently harmless programming or data.

Question 12

User Datagram Protocol (UDP)

Answer 12

A data-transmission protocol that does not require transmission paths to be established before data is transmitted.

Question 13

virtual network computing (VNC) software

Answer 13

Software that allows users to remotely control a computer.

Question 14

wrapper

Answer 14

A program used to bind trojan executables to legitimate files.

Question 15

What are the signs of a Trojan infection?

Answer 15

Various unexplained activity and ports listening that shouldn’t be.

Question 16

Name and describe three types of Trojans.

Answer 16

RAT - Allow full control over system. Data-Sending Trojan - Provides attackers with passwords and confidential information. Proxy Trojans - Turn the infected system into a proxy server for attacker anonymity.

Question 17

What is a Trojan horse construction kit?

Answer 17

Kits help attackers construct Trojan horses of their choice.

Question 18

How do RATs work?

Answer 18

They turn the system into a server that listens on specific ports. Not as effective if the system is behind a firewall.

Question 19

Name 3 methods used to detect Trojans.

Answer 19

1. Scan for suspicious open ports. 2 Scan for suspicious running processes. 3. Scan for suspicious registry entries. 4. Scan for suspicious network activities. 5. Run a Trojan detector.

Question 20

How does a reverse connecting Trojan work?

Answer 20

The Trojan initiates a connection back to a listening system, allowing the attacker to bypass firewalls.

Question 21

What is an XSS tunnel?

Answer 21

A tunnel allowing HTTP traffic through an XSS channel to use any application that supports HTTP proxies.

Question 22

How is a virus different from a worm?

Answer 22

Worms are self-replicating, does not modify stored programs, and is easy to remove while viruses are the opposite.

Question 23

What are the three best methods of virus detection?

Answer 23

Scanning, Integrity checking and interception.

Question 24

What do macro viruses target?

Answer 24

Single applications

Question 25

What phases are part of a virus’s cycle?

Answer 25

Infection and Attack