CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [49]
The Hard Drive Killer Pro programs offer the ability to fully and permanently destroy all data on any given DOS or Windows system. The program, once executed, deletes files and infects and reboots the system within a few seconds. After rebooting, all hard drives attached to the system are formatted in an unrecoverable manner within only 1 to 2 seconds, regardless of the size of the hard drive.
Understand How the Netcat Trojan Works
Netcat is a Trojan that uses a command-line interface to open TCP or UDP ports on a target system. A hacker can then telnet to those open ports and gain shell access to the target system.
For the CEH exam, it's important to know how to use Netcat. Make sure you download the Netcat tool and practice the commands before attempting the exam.
What Are the Indications of a Trojan Attack?
Unusual system behavior is usually an indication of a Trojan attack. Actions such as programs starting and running without the user's initiation; CD-ROM drawers opening or closing; wallpaper, background, or screen saver settings changing by themselves; the screen display flipping upside down; and a browser program opening strange or unexpected websites are all indications of a Trojan attack. Any action that is suspicious or not initiated by the user can be an indication of a Trojan attack.
What Is Meant by "Wrapping"?
Wrappers are software packages that can be used to deliver a Trojan. The wrapper binds a legitimate file to the Trojan file. Both the legitimate software and the Trojan are combined into a single executable file and installed when the program is run.
Generally, games or other animated installations are used as wrappers because they entertain the user while the Trojan in being installed. This way, the user doesn't notice the slower processing that occurs while the Trojan is being installed on the system-the user only sees the legitimate application being installed.
Hacking Tools
Graffiti is an animated game that can be wrapped with a Trojan. It entertains the user with an animated game while the Trojan is being installed in the background.
Silk Rope 2000 is a wrapper that combines the BackOrifice server and any other specified application.
ELiTeWrap is an advanced . exe wrapper for Windows used for installing and running programs. ELiTeWrap can create a setup program to extract files to a directory and execute programs or batch files that display help menus or copy files on to the target system.
IconPlus is a conversion program that translates icons between various formats. An attacker can use this type of application to disguise malicious code or a Trojan so that users are tricked into executing it thinking it is a legitimate application.
Trojan Construction Kit and Trojan Makers
Several Trojan-generator tools enable hackers to create their own Trojans. Such toolkits help hackers construct Trojans that can be customized. These tools can be dangerous and can backfire if not executed properly. New Trojans created by hackers usually have the added benefit of passing undetected through virus-scanning and Trojan-scanning tools because they don't match any know signatures.
Some of the Trojan kits available in the wild are Senna Spy Generator, the Trojan Horse Construction Kit v2.0, Progenic Mail Trojan Construction Kit, and Pandora's Box.
What Are the Countermeasure Techniques
in Preventing Trojans?
Most commercial antivirus program have anti-Trojan capabilities as well as spyware detection and removal functionality. These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before they can cause damage. Once a system is infected, it's more difficult