94 Chapter 2 • General Security Concepts: Attacks
Rootkits try to hide their presence from the OS by modifying the kernel,
drivers, or common applications. They are hard to detect and eliminate,
and are used to plant other malicious software like backdoors or viruses.
Back Doors are programs that silently allow attackers to take control of
the target system. Many times they are distributed by Trojan Horses or
worms.
Spyware programs are currently among the most prevalent, although in theory
less harmful, code attacks. Most of them are more annoying than dangerous,
but some can have criminal intentions, and most cause instability in
affected systems.
Exam Objectives Frequently Asked Questions
The following Frequently Asked Questions, answered by the authors of this
book, are designed to both measure your understanding of the Exam Objectives
presented in this chapter, and to assist you with real-life implementation of
these concepts.
Q: Is it safe for me to install backdoors or Trojan horses like SubSeven or NetBus
onto my computer to learn how they work?
A: Yes and no. While it can be good to learn how they work, it’s important to use
a machine that is set up for testing purposes only and isn’t connected to any
networks. A better (and cheaper) way is to create a Virtual Machine that is
completely segmented from the real network, and which won’t cause damage
to production computers and networks. VMware now offers the free Virtual
Server, available at www.vmware.com, which can be used for this.
Q: Why is a DoS attack different from a DDoS attack?
A: A DDoS attack is a type of DoS attack that uses an “army” of hacked machines
to shut down service to another victim machine. The two are often confused. A
DoS attack is nothing more than any attack that denies service to users or
networks (many times it’s a single user or machine exploiting a known
vulnerability), while a DDoS attack is just one form of DoS, which requires the
use of a large number of attacking machines.
www.syngress.com