Ethical Hacking and Countermeasures
Question No: 231 – (Topic 6)
Which of the following statements would not be a proper definition for a Trojan Horse?
An unauthorized program contained within a legitimate program.
This unauthorized program performs functions unknown (and probably unwanted) by the user.
A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.
An authorized program that has been designed to capture keyboard keystrokes while the user remains unaware of such an activity being performed.
Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
Explanation: A Trojan is all about running unauthorized code on the user's computer without the user knowing about it.
Question No: 232 – (Topic 6)
Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its “security defenses have been breached and exploited for 2 weeks by hackers.” The hackers had accessed and downloaded 90,000 addresses containing customer credit cards and passwords.
Spears Technology found this attack to be so to law enforcement officials to protect their intellectual property.
How did this attack occur? The intruder entered through an employee's home machine, which was connected to Spears Technology, Inc’s corporate VPN network. The application called BEAST Trojan was used in the attack to open a “Back Door” allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.
The hackers were traced back to Beijing, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technology’s network from a remote location, posing as employees. The intent of the attacker was to steal the source code for their VOIP system and “hold it hostage” from Spears Technology, Inc in exchange for ransom.
The hackers had intended on selling the stolen VOIP software source code to competitors.
How would you prevent such attacks from occurring in the future at Spears Technology?
Disable VPN access to all your employees from home machines
Allow VPN access but replace the standard authentication with biometric authentication
Replace the VPN access with dial-up modem access to the company’s network
Enable 25 character complex password policy for employees to access the VPN network.
Explanation: As long as there is a way in for employees through all security measures, you can’t be secure, because you never know what computer the employees use to access resources at their workplace.
Question No: 233 – (Topic 6)
William has received a Tetris game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Tetris.
After William installs the game, he plays it for a couple of hours. The next day, William plays the Tetris game again and notices that his machines have begun to slow down. He brings up his Task Manager and sees the following programs running (see Screenshot):
What has William just installed?
Remote Access Trojan (RAT)
Zombie Zapper (ZoZ)
Bot IRC Tunnel (BIT)
Root Digger (RD)
Explanation: RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.
Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments.
Question No: 234 – (Topic 6)
John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this?
Compare the file's MD5 signature with the one published on the distribution media
Obtain the application via SSL
Compare the file's virus signature with the one published on the distribution media
Obtain the application from a CD-ROM disc
Explanation: MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of RFC 1321, is:
[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.
Question No: 235 – (Topic 6)
Assuming two systems are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?
Man in the Middle Attack
Trojan Horse Attack
Back Orifice Attack
Answer: D,E
Explanation: To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack.
Question No: 236 – (Topic 6)
Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?
Netcat -h -U
Netcat -hU <host(s)>
Netcat -sU -p 1-1024 <host(s)>
Netcat -u -v -w2 <host> 1-1024
Netcat -sS -O target/1024
Explanation: The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 <host> 1-1024". Netcat is considered the Swiss-army knife of hacking tools because it is so versatile.
Question No: 237 – (Topic 6)
A file integrity program such as Tripwire protects against Trojan horse attacks by:
Automatically deleting Trojan horse programs
Rejecting packets generated by Trojan horse programs
Using programming hooks to inform the kernel of Trojan horse behavior
Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse
Explanation: Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can then check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine, and even if you don't: if someone else does get access, you'll know if they tried to modify files such as /bin/login.
Question No: 238 – (Topic 6)
What is a Trojan Horse?
A malicious program that captures your username and password
Malicious code masquerading as or replacing legitimate code
An unauthorized user who gains access to your user database and adds themselves as
A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity
Answer: B
Explanation: A Trojan Horse is an apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
Question No: 239 – (Topic 6)
You are writing an antivirus bypassing Trojan using C code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:\) for data with the following text “Credit Card” and “password”. It then zips all the scanned files and sends an email to a predefined hotmail address.
You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent?
Explanation: HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted.
Question No: 240 – (Topic 6)
In Linux, the three most common commands that hackers usually attempt to Trojan are:
car, xterm, grep
netstat, ps, top
vmware, sed, less
xterm, ps, nc
Answer: B
Explanation: The easiest and smartest programs to trojan are the ones commonly run by administrators and users, in this case netstat, ps, and top. For a complete list of commonly trojaned and rootkitted software, see: http://www.usenix.org/publications/login/1999-9/features/rootkits.html