
CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [52]

that was not intended.

Understand common covert channels. ICMP tunneling, reverse WWW shell, and man-in-the-middle attacks are common covert channels.

Understand the definition of a backdoor. A backdoor is usually a component of a Trojan. It's used to maintain access after the initial system weakness has been discovered and removed. It usually takes the form of a port being opened on a compromised system.

Understand the use of a Trojan. Trojans are used primarily to gain and retain access on the target system.

Understand how Trojans work. A Trojan often resides deep in the system and makes registry changes that allow it to meet its purpose as a remote administration tool.

Know the best Trojan countermeasures. Awareness and preventive measures are the best defenses against Trojans.

Understand how a virus is different from a worm. Viruses must attach themselves to other programs, whereas worms spread automatically.

Understand the different types of viruses. Polymorphic, stealth, fast infectors, slow infectors, sparse infectors, armored, multipartite, cavity, tunneling, camouflage, NTFS, and AD viruses are all types of viruses.

Review Questions

1. What is a wrapper?

A. A Trojaned system

B. A program used to combine a Trojan and legitimate software into a single executable

C. A program used to combine a Trojan and a backdoor into a single executable

D. A way of accessing a Trojaned system

2. What is the difference between a backdoor and a Trojan?

A. A Trojan usually provides a backdoor for a hacker.

B. A backdoor must be installed first.

C. A Trojan is not a way to access a system.

D. A backdoor is provided only through a virus, not through a Trojan.

3. What port does Tini use by default?

A. 12345

B. 71

C. 7777

D. 666

4. Which is the best Trojan and backdoor countermeasure?

A. Scan the hard drive on network connection, and educate users not to install unknown software.

B. Implement a network firewall.

C. Implement personal firewall software.

D. Educate systems administrators about the risks of using systems without firewalls.

E. Scan the hard drive on startup.

5. How do you remove a Trojan from a system?

A. Search the Internet for freeware removal tools.

B. Purchase commercially available tools to remove the Trojan.

C. Reboot the system.

D. Uninstall and reinstall all applications.

6. What is ICMP tunneling?

A. Tunneling ICMP messages through HTTP

B. Tunneling another protocol through ICMP

C. An overt channel

D. Sending ICMP commands using a different protocol

7. What is reverse WWW shell?

A. Connecting to a website using a tunnel

B. A Trojan that connects from the server to the client using HTTP

C. A Trojan that issues commands to the client using HTTP

D. Connecting through a firewall

8. What is a covert channel?

A. Using a communications channel in a way that was not intended

B. Tunneling software

C. A Trojan removal tool

D. Using a communications channel in the original, intended way

9. What is the purpose of system-file verification?

A. To find system files

B. To determine whether system files have been changed or modified

C. To find out if a backdoor has been installed

D. To remove a Trojan

10. Which of the following is an example of a covert channel?

A. Reverse WWW shell

B. Firewalking

C. SNMP enumeration

D. Steganography

11. What is the difference between a virus and a worm?

A. A virus can infect the boot sector but a worm cannot.

B. A worm spreads by itself but a virus must attach to an e-mail.

C. A worm spreads by itself but a virus must attach to another program.

D. A virus is written in C++ but a worm is written in shell code.

12. What type of virus modifies itself to avoid detection?

A. Stealth virus

B. Polymorphic virus

C. Multipartite virus

D. Armored virus

13. Which virus spreads through Word macros?

A. Melissa

B. Slammer

C. Sobig

D. Blaster

14. Which worm affects SQL servers?

A. Sobig

B. SQL Blaster

C. SQL Slammer

D. Melissa

15. Armored viruses are

A. Hidden

B. Tunneled

C. Encrypted

D. Stealth

16. What are the three methods
