Two programmers write a new secure application for the human resources department to store personal
identifiable information. The programmers make the application available to themselves using an
uncommon port along with an ID and password only they know. This is an example of which of the
following?

A.
Root Kit

B.
Spyware

C.
Logic Bomb

D.
Backdoor

Explanation:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so
on, while attempting to remain undetected. The backdoor may take the form of an installed program
(e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard coded user and password combination which
gives access to the system.
Although the number of backdoors in systems using proprietary software (software whose source code is
not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers
have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs,
although such cases may involve official forbearance, if not actual permission.Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer
(generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors
appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such
as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as
DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they
installed routinely contacted central servers.
Incorrect Answers:
A: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or
computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level
access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it
allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly,
other machines on the network.
A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a
“backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network;
and alter existing system tools to escape detection.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and
Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits
are available for a number of operating systems, including Windows, and are increasingly difficult to
detect on any network.
While a rootkit does allow an attacker administrator-level access to a computer, a backdoor is a specific
term used to describe a security breach that allows unauthorized access to the computer.
B: Spyware is software that aids in gathering information about a person or organization without their
knowledge and that may send such information to another entity without the consumer’s consent, or
that asserts control over a computer without the consumer’s knowledge.
“Spyware” is mostly classified into four types: system monitors, trojans, adware, and tracking cookies.
Spyware is mostly used for the purposes of tracking and storing Internet users’ movements on the Web
and serving up pop-up ads to Internet users.
Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can
be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared,
corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user’s computing, the functions of spyware
can extend beyond simple monitoring. Spyware can collect almost any type of data, including personalinformation like Internet surfing habits, user logins, and bank or credit account information. Spyware can
also interfere with user control of a computer by installing additional software or redirecting Web
browsers. Some spyware can change computer settings, which can result in slow Internet connection
speeds, un-authorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included along with genuine software, and may come from a malicious website. In
response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software.
Running anti-spyware software has become a widely recognized element of computer security practices,
especially for computers running Microsoft Windows. Spyware is not what is described in this question.
C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious
function when specified conditions are met. For example, a programmer may hide a piece of code that
starts deleting files should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute
a certain payload at a pre-defined time or when some other condition is met. This technique can be used
by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host
systems on specific dates, such as Friday the 13th or April Fool’s Day. Trojans that activate on certain
dates are often called “time bombs”.
To be considered a logic bomb, the payload should be unwanted and unknown to the user of the
software. As an example, trial programs with code that disables certain functionality after a set time are
not normally regarded as logic bombs. A logic bomb is not what is described in this question.

http://en.wikipedia.org/wiki/Backdoor_%28computing%29
http://en.wikipedia.org/wiki/Logic_bomb
http://searchmidmarketsecurity.techtarget.com/definition/rootkit
http://en.wikipedia.org/wiki/Spyware