Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the
application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?
A.
Root Kit
B.
Spyware
C.
Logic Bomb
D.
Backdoor
Explanation:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a
computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back
Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives
access to the system.
Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are
nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although
such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected
computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send
junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM
measures–and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.
Incorrect Answers:
A: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a
computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker
to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other
programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and
alter existing system tools to escape detection. The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux
operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including
Windows, and are increasingly difficult to detect on any network.
While a rootkit does allow an attacker administrator-level access to a computer, a backdoor is a specific term used to describe a security breach that allows
unauthorized access to the computer.
Therefore, this answer is incorrect.B: Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another
entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge. “Spyware” is mostly classified into four types:
system monitors, trojans, adware, and tracking cookies. Spyware is mostly used for the purposes of tracking and storing Internet users’ movements on the Web
and serving up pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to
detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users. While
the term spyware suggests software that monitors a user’s computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost
any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user
control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet
connection speeds, un-authorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included along with genuine software, and may come from a malicious website. In response to the emergence of spyware, a small industry
has sprung up dealing in anti- spyware software. Running anti-spyware software has become a widely recognized element of computer security practices,
especially for computers running Microsoft Windows. Spyware is not what is described in this question. Therefore, this answer is incorrect.
C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example,
a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as
viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be
used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or
April Fool’s Day. Trojans that activate on certain dates are often called “time bombs”. To be considered a logic bomb, the payload should be unwanted and
unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic
bombs. A logic bomb is not what is described in this question. Therefore, this answer is incorrect.http://en.wikipedia.org/wiki/Backdoor_%28computing%29
http://en.wikipedia.org/wiki/Logic_bomb
http://searchmidmarketsecurity.techtarget.com/definition/rootkit http://en.wikipedia.org/wiki/Spyware