Cyber Security IMP Questions-1-17

Uploaded by

jc1545313
BETCK105I set1 QB solutions updated

Introduction to Cyber Security (The Oxford College of Engineering (Bengaluru))

BETCK105I/205I

Sai Vidya Institute of Technology, Rajanukunte, Bengaluru


Model Question Paper-I/II with effect from 2022-23 (CBCS Scheme)
USN

First/Second Semester B.E. Degree Examination


Introduction to Cyber Security (BETCK105I/205I)
Solution to Question Paper
TIME: 03 Hours Max. Marks: 100

Note: Answer any FIVE full questions, choosing at least ONE question from each MODULE.

Module-1
Columns: Question, *Bloom's Taxonomy Level, Marks
Q.01 a Define computer crime. Discuss about Cyberpunk and Cyber warfare L2 8

Ans: Computer crime definition:

• Cybercrime or computer crime is any illegal behaviour directed by means
of electronic operations that targets the security of computer systems and the
data processed by them.
• Crimes completed either on or with a computer.
• Any illegal activity done through the internet or on the computer.
• All criminal activities done using the medium of computers, the Internet,
cyberspace and WWW.
• Any financial dishonesty that takes place in a computer environment.
• Any threats to the computer itself, such as theft of hardware or software,
sabotage and demands for ransom.

• Cyberpunk: The term cyberpunk could mean something like "anarchy via
machines" or "machine/computer rebel movement".
• The two basic aspects of cyberpunk are technology and individualism.
• It is a genre of science fiction set in a lawless subculture of an oppressive
society dominated by computer technology.

• Cyber warfare: It is the use of computer networks to disrupt the activities
of a state or organization, especially the deliberate attacking of information
systems for strategic or military purposes.
• Cyber warfare, for many people, means information warriors unleashing
vicious attacks against an unsuspecting opponent's computer networks and
paralyzing a nation's information infrastructure.
• It refers to information resources, including communication systems, that
support an industry, institution or population.
• Cyber-attacks are often presented as military forces, and the internet has major
implications for espionage and warfare.

b List the various cybercrimes against property and against organization L1 6


Ans:
The following are the cybercrimes against property and against organization.

Dr. Asha K, Associate Professor, Dept. of ECE, SVIT Page 01 of 30

Cybercrime against property

1. Credit card frauds
2. Intellectual property crimes: basically, IP crimes include software piracy,
copyright infringement, trademark violations, theft of computer source code,
etc.
3. Internet time theft

Cybercrime against organisation

1. Unauthorised accessing of computer: hacking is one method of doing this,
and hacking is a punishable offence
2. Password sniffing
3. Denial-of-service attacks
4. Virus attacks/dissemination of viruses
5. Email bombing or mail bombs
6. Salami attack or Salami technique
7. Logic bomb
8. Trojan horse
9. Data diddling
10. Crimes emanating from Usenet newsgroups
11. Industrial spying/Industrial espionage
12. Computer network intrusions
13. Software piracy

c Discuss cybercrime and the Indian ITA 2000 L2 6


• India has the fourth highest number of Internet users in the world.
There are 45 million Internet users in India, 37% of all Internet accesses
happen from cybercafes and 57% of Indian Internet users are between 18
and 35 years.
• The population of educated youth is high in India.
• It is reported that compared to the year 2006, cybercrime under the
Information Technology (IT) Act recorded a whopping 50% increase in
the year 2007.
• The National Crime Records Bureau (NCRB) reports that 46%
were related to incidents of cyberpornography, followed by hacking.
• In over 60% of these cases, offenders were between 18 and 30 years,
according to the "Crime in 2007" report.
• The Indian Government is doing its best to control cybercrimes.
• For example, Delhi Police have now trained 100 of its officers in
handling cybercrime and placed them in its Economic Offences Wing.
• The officers were trained for about 6 weeks in computer hardware and software,
computer networks comprising data communication networks, network
protocols, wireless networks and network security.

• The ITA 2000 was framed after the United Nations General Assembly
Resolution of January 30, 1997.
• The ITA adopts the Model Law on Electronic Commerce (E-Commerce)
adopted by the United Nations Commission on International Trade Law.
• A total cybercrime was registered under the IT Act in 2007 compared to
142 cases registered in 2006.
• Under the IPC too, 339 cases were recorded in 2007 compared
to 311 cases in 2006. The laws, crime details and punishment
details are given in the table below.

| Section Ref. & Title | Chapter of the Act & Title | Crime | Punishment |
|---|---|---|---|
| Sec. 43 (Penalty for damage to computer) | CHAPTER IX Penalties and Adjudication | Damage to computer system | Compensation for 1 crore |
| Sec. 66 (Hacking with computer system) | CHAPTER XI Offences | Hacking (with intent or knowledge) | Fine of 2 lakhs and imprisonment for 3 years |
| Sec. 67 (Publishing of information which is obscene in electronic form) | CHAPTER XI Offences | Publication of obscene material in electronic form | Fine of 1 lakh, imprisonment of 5 years and double conviction on second offence |
| Sec. 68 (Power of controller to give directions) | CHAPTER XI Offences | Not complying with directions of controller | Fine up to 2 lakhs, imprisonment of 3 years |
| Sec. 70 (Protected system) | CHAPTER XI Offences | Attempting or securing access to computer without his/her knowledge | Imprisonment up to 10 years |
| Sec. 72 (Penalty for breach of confidentiality and privacy) | CHAPTER XI Offences | Attempting or securing access to computer for breaking confidentiality | Fine up to 1 lakh and imprisonment up to 2 years |
| Sec. 73 (Penalty for publishing Digital Signature Certificate false in certain particulars) | CHAPTER XI Offences | Publishing false digital signature | Fine up to 1 lakh or imprisonment up to 2 years or both |
| Sec. 74 (Publication for fraudulent purpose) | CHAPTER XI Offences | Publication of Digital Signatures for fraudulent purpose | Imprisonment up to 2 years and fine up to 1 lakh |
OR
Q.02 a Who are cybercriminals? Discuss the three groups of cybercriminals L3 8
Cybercriminals are those who conduct acts such as child pornography; credit card
fraud; cyberstalking; defaming another online; gaining unauthorised access to a
computer system; ignoring copyright, software licensing and trademark protection;
overriding encryption to make illegal copies; software piracy; and stealing another's
identity to perform criminal acts.

They can be categorised into three groups that reflect their motivation:

• Type I: Cybercriminals hungry for recognition
• Type II: Cybercriminals not interested in recognition
• Type III: Cybercriminals, the insiders

Type I: Cybercriminals hungry for recognition

• Hobby hackers: persons who enjoy exploring the limits of what is
possible in the spirit of playful cleverness.
• IT professionals: ethical hackers.
• Politically motivated hackers: promote the objectives of individuals,
groups or nations supporting a variety of causes such as anti-globalization,
transnational conflicts and protest.
• Terrorist organizations: cyberterrorism, that is, terrorists using the internet for
attacks and large-scale destruction of computer networks.

Type II: Cybercriminals not interested in recognition

• Psychological perverts: express sexual desires that deviate from normal
behaviour.
• Financially motivated hackers (corporate espionage): make money
from cyberattacks: bots for hire, fraud through phishing, information theft,
spam and extortion.
• State-sponsored hacking (national espionage or sabotage): extremely
professional groups working for governments.
• Organized criminals: have the ability to worm into the networks of
media, major corporations and different departments.

Type III: Cybercriminals, the insiders

• Disgruntled or former employees seeking revenge.
• Competing companies using employees to gain economic advantage through
damage and/or theft.

b Discuss about Cyber defamation in detail. L3 6


• Cyberdefamation occurs when defamation takes place with the help of
a computer and/or the internet.
• For example, someone publishes defamatory matter about someone on a
website or sends emails containing defamatory information to all friends of
that person.
• CHAPTER XXI of the Indian Penal Code (IPC) is about
defamation.
• According to IPC Section 499:
1. It may amount to defamation to impute anything to a deceased person,
if the imputation would harm the reputation of that person if living, and is
intended to be hurtful to the feelings of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a
company or an association or collection of persons as such.
3. An imputation in the form of an alternative or expressed ironically may
amount to defamation.
4. No imputation is said to harm a person's reputation unless that
imputation directly or indirectly, in the estimation of others, lowers the
moral or intellectual character of that person, his caste.
• Libel is written defamation and slander is oral defamation.

c Explain password Sniffing and mail bombs techniques. L2 6


Password sniffing
• Password sniffers are programs that monitor and record the name and
password of network users as they log in at a site.
• Example: keyloggers. These are computer programs which, once installed on
a particular computer system, record all the keystrokes and send them to the
attacker, so the attacker can get access to user credentials.
• With the user credentials, the attacker will log in and access restricted
documents.
Mail bomb techniques
• It refers to sending a large number of emails to the victim to crash the
victim's e-mail account or to make the victim's servers crash.
• A computer program can be written to instruct a computer to do such tasks
on a repeated basis.
• Terrorism has hit the Internet in the form of email bombing.
• Here the cybercriminal repeatedly sends emails to a particular person's
email ID and shuts down the entire system.

Module-2
Q. 03 a What is Social Engineering? Discuss Human Based Social Engineering with a L3 8
suitable example
• Social engineering is a "technique to influence" and "persuasion to deceive"
people to obtain information or perform some action.
• A social engineer uses telecommunications or the Internet to get them to
do something that is against the security practices and/or policies of
the organization.
• Social engineering involves gaining sensitive information or
unauthorized access privileges by building inappropriate trust
relationships with insiders.
• It is an art of exploiting the trust of people.
• The goal of SE is to fool someone into providing valuable
information or access to that information.
• Social engineering studies human behavior so that people will help
because of the desire to be helpful, the attitude to trust people, and
fear of getting into trouble.
• An example is calling a user and pretending to be someone from the
service desk working on a network issue; the attacker then proceeds
to ask questions about what the user is working on, what file shares
he/she uses, what his/her password is and so on.
• Example: talking to an employee of a company in the name of
technical support from the same office. While talking with the
employee, the attacker will collect confidential information such
as the name of the company, username and password, etc.

• Human-based Social Engineering

• It refers to person-to-person interaction to get the required/desired
information.

• Impersonating an employee or valid user:
"Impersonation" (e.g., posing oneself as an employee of the same organization) is
perhaps the greatest technique used by social engineers to deceive people.
Social engineers take advantage of the fact that most people are basically helpful, so it
seems harmless to tell someone who appears to be lost where the computer room is located.
Another form is pretending to be an employee or valid user on the system.

• Posing as an important user:
The attacker pretends to be an important user, for example a Chief Executive
Officer (CEO) or high-level manager who needs immediate assistance to gain access
to a system.
The attacker counts on low-level employees not asking higher-level employees for proof
or questioning them.

• Using a third person:
An attacker pretends to have permission from an authorized source to use a system.
This trick is useful when the supposed authorized personnel is on vacation or cannot
be contacted for verification.

• Calling technical support:
Calling the technical support for assistance is a classic social engineering example.
Help-desk and technical support personnel are trained to help users, which makes them
good prey for social engineering attacks.

• Shoulder surfing:
It is a technique of gathering information such as usernames and passwords by
watching over a person's shoulder while he/she logs into the system, thereby helping
an attacker to gain access to the system.

Fig. Shoulder Surfing

• Dumpster diving:
It involves looking in the trash for information written on pieces of paper or
computer printouts. This is a typical North American term; it is used to describe the
practice of rummaging through commercial or residential trash to find useful free
items that have been discarded.
It is also called dumpstering, binning, trashing, garbing or garbage gleaning.
"Scavenging" is another term to describe these habits. In the UK, the practice is
referred to as "binning" or "skipping" and the person doing it is a "binner" or a "skipper".

Example: going through someone's trash to recover documentation of his/her
critical data [e.g., social security number (SSN) in the US, PAN/AADHAR number
in India, credit card identity (ID) numbers, etc.].
b Explain how criminals plan the attacks? List the phases involved in planning L2 6
cyber crimes
Ans:
Criminals use many methods and tools to locate the vulnerabilities of their
target. The target can be an individual and/or an organization.
Criminals plan active and passive attacks. Active attacks are used to alter the
system or computer network, whereas passive attacks attempt to gain information
about the target. Active attacks may affect the availability, integrity, and
authenticity of data, whereas passive attacks lead to breaches of confidentiality.

Attacks can also be classified as inside or outside.

An attack attempted within the security perimeter is called an inside attack; this
is done by an insider who gains access to more resources than expected.
An outside attack is attempted by a source outside the security perimeter, who
is indirectly associated with the organization.

Phases involved in planning cybercrime:

1. Reconnaissance
2. Information gathering, first phase passive attack
3. Scanning and scrutinizing the gathered information
4. For validity of the information as well as to identify the existing
vulnerabilities
5. Launching an attack and gaining and maintaining the system access.

Phase 1: Reconnaissance
• It is an act of reconnoitering: to explore, often with the goal of finding
something or somebody (gaining information about an enemy or potential
enemy).
• In the world of "hacking," the reconnaissance phase begins with
footprinting. This is the preparation toward the preattack phase, and involves
accumulating data about the target environment and computer
architecture to find ways to intrude into that environment.
• The objective of this preparatory phase is to understand the system,
its networking ports and services, and any other aspects of its
security that are needful for launching the attack.
• Two phases: passive and active attacks.

Phase 2: Information gathering, first phase passive attack

This phase involves gathering information about the target without his/her
knowledge.
1. Google or Yahoo search to locate information about employees.
2. Surfing online community groups (Facebook) to gain information about
an individual.
3. Organization's website for a personnel directory or information about the
key employees, used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc.
5. Going through job postings.
6. Network sniffing: information on Internet Protocol address ranges,
hidden servers or networks, or services on the system.

Active attacks:
• It involves probing the network to discover individual hosts to confirm
the information (IP address, operating system type and version, and
services on the network) gathered in the passive attack phase.
• Also called "Rattling the Doorknobs" or "Active Reconnaissance".
• Can provide confirmation to an attacker about security measures in
place (whether the front door is locked?).
Phase 3: Scanning and scrutinizing the gathered information
• Scanning is a key step to examine intelligently while gathering information
about the target.
The objectives are:
1. Port scanning
2. Network scanning
3. Vulnerability scanning

Port scanning:
• The act of systematically scanning a computer's ports.
• A port is a place where information goes into and out of a
computer; port scanning identifies open doors to a computer.
• It is similar to a thief going through your neighborhood and
checking every door and window on each house to see which ones
are open and which ones are locked.
• There is no way to stop someone from port scanning your computer
while you are on the Internet, because accessing an Internet server
opens a port, which opens a door to your computer.
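
Since port scanning cannot be stopped, defenders look for its footprint in connection logs instead. The following is an added example (not part of the original answer) that flags a source touching many distinct ports on one host within a short time window; the log format, thresholds and addresses are constructed for illustration.

```python
"""Flag likely port scans in a connection log (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one connection attempt per line:
# "<ISO timestamp> <source IP> <destination IP> <destination port>"
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 192.0.2.10 21
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 22
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 23
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 25
2024-05-01T10:00:04 198.51.100.7 192.0.2.10 80
2024-05-01T10:00:05 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:10 203.0.113.5 192.0.2.10 443
2024-05-01T10:00:20 203.0.113.5 192.0.2.10 443
2024-05-01T10:00:30 203.0.113.5 192.0.2.10 443
2024-05-01T10:05:00 203.0.113.9 192.0.2.10 22
2024-05-01T10:10:00 203.0.113.9 192.0.2.10 80
2024-05-01T10:15:00 203.0.113.9 192.0.2.10 443
2024-05-01T10:20:00 203.0.113.9 192.0.2.10 3306
2024-05-01T10:25:00 203.0.113.9 192.0.2.10 8080
this line is malformed and is skipped
"""


def parse_line(line):
    """Return (timestamp, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[3])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return ts, parts[1], parts[2], port


def detect_port_scans(log_text, min_ports=5, window_seconds=60):
    """Return sorted (src, dst, distinct_ports) for every source that hit at
    least `min_ports` different ports on one host inside a sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> (ts, port) events still in window
    worst = {}                   # (src, dst) -> most distinct ports in any window
    events = sorted(e for e in map(parse_line, log_text.splitlines()) if e)
    for ts, src, dst, port in events:
        queue = recent[(src, dst)]
        queue.append((ts, port))
        # Drop events that have fallen out of the window ending at `ts`.
        while ts - queue[0][0] > window:
            queue.popleft()
        distinct = len({p for _, p in queue})
        if distinct >= min_ports:
            worst[(src, dst)] = max(worst.get((src, dst), 0), distinct)
    return sorted((s, d, n) for (s, d), n in worst.items())


if __name__ == "__main__":
    for src, dst, count in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan: {src} -> {dst} ({count} ports in 60 s)")
    # A slow scan spreads its probes out; only a longer window reveals it.
    for src, dst, count in detect_port_scans(SAMPLE_LOG, window_seconds=3600):
        print(f"1 h window: {src} -> {dst} ({count} ports)")
```

The repeated connections to port 443 are never flagged because they touch a single port, while the source that probes one port every five minutes is only caught when the window is widened.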
Scrutinizing phase
• It is also called enumeration in the hacking world. The objective
behind this step is to identify the following:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. Operating System (OS) and different applications that are running on
the OS.

Phase 4: For validity of the information as well as to identify the existing
vulnerabilities. After collecting the data on the victim, validate the acquired
information and also identify the vulnerabilities.

Phase 5: Launching an attack and gaining and maintaining the system access.
• After scanning and scrutinizing (enumeration), the attack is launched
using the following steps:
1. Crack the password
2. Exploit the privileges
3. Execute the malicious command or application
4. Hide the files
5. Cover the tracks: delete access logs, so that there is no trail of illicit
activity

c List and briefly explain any six tips for safety and security while using the L2 6
computers in a cybercafé

Ans: (Any six you need to write)

1. Always log out; do not save login information through automatic login
While checking e-mails or logging into chatting services such as instant
messaging, or using any other service that requires a username and a password,
always click "logout" or "sign out" before leaving the system. Simply closing the
browser window is not enough, because if somebody uses the same service after you,
then they can get easy access to your account. However, do not save your login
information through options that allow automatic login. Disable such options
before logon.

2. Stay with the computer
While surfing/browsing, one should not leave the system unattended for any
period of time. If one has to go out, log out and close all browser windows.

3. Clear history and temporary files
Internet Explorer saves pages that you have visited in the history folder and in
temporary Internet files. Your passwords may also be stored in the browser if
that option has been enabled on the computer that you have used. Therefore,
before you begin browsing, do the following in case of the browser Internet
Explorer: Go to Tools > Internet options > click the Content tab > click
AutoComplete. If the checkboxes for passwords are selected, deselect them.
Click OK twice.
After you have finished browsing, you should clear the history and temporary
Internet files folders.
For this, go to Tools > Internet options again > click the General tab > go to
Temporary Internet Files > click Delete Files and then click Delete Cookies.
Then, under history, click clear history. Wait for the process to finish before leaving
the computer.

4. Be alert: don't be a victim of shoulder surfing
One should stay alert and aware of the surroundings while using a public
computer. Snooping over the shoulder is an easy way of getting your username and
password.

5. Avoid online financial transactions
Ideally one should avoid online banking, shopping or other transactions that require
one to provide personal, confidential and sensitive information such as credit card
or bank account details. In case of urgency, one has to do it; however, one should
take the precaution of changing all the passwords as soon as possible. One should
change the passwords using a more trusted computer, such as at home and/or in
office.

6. Change password
The advice from ICICI Bank/SBI about changing the bank account/transaction passwords
is the best practice to be followed by everyone who does online net banking.

7. Virtual keyboard
Nowadays almost every bank has provided a virtual keyboard on its website.
The advantage of utilizing a virtual keyboard is that we can avoid the keylogger attack.

8. Security warnings
One should take utmost care while accessing the websites of any bank/financial
institution. The screenshot in Fig. 2.7 displays security warnings very clearly
(marked in bold rectangle), and these should be followed while accessing
financial accounts from a cybercafe.

OR
Q.04 a Define Cyber Stalking along with its working. Explain two types of Stalkers L3 8

Ans:
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an
individual, a group or an organization. It may include false accusation, defamation,
slander and libel.
It also includes monitoring, identity (ID) theft, threats, vandalism, solicitation of
minors for sex, or gathering information that may be used to threaten or harass a
person.
Cyberstalking is sometimes referred to as Internet stalking, e-stalking or online
stalking.
It refers to the use of the Internet or electronic communication such as e-mail or instant
messages to harass the individual.

As per law, cyberstalking is a punishable offence and attracts Section 354 (D),
509 IPC, and Section 67 under the I.T. Amendment Act 2008. Information Technology
Act, 2000 (amended in 2008): when a person publishes or sends salacious material
via electronic media, he/she is to be charged under Section 67 of the Act.

We have two types of stalkers, namely online stalkers and offline stalkers.

Both are criminal offenses; both are motivated by a desire to control, intimidate or
influence a victim.
A stalker may be an online stranger or a person whom the target knows. He may be
anonymous and solicit involvement of other people online who do not even know the
target.

Online stalkers: They aim to start the interaction with the victim directly with the
help of the Internet. E-mail and chat rooms are the most popular communication
medium to get connected with the victim, rather than using traditional
instrumentation like telephone/cell phone. The stalker makes sure that the victim
recognizes the attack attempted on him/her. The stalker can make use of a third
party to harass the victim.

Offline stalkers: The stalker may begin the attack using traditional methods such as
following the victim, watching the daily routine of the victim, etc. Searching on
message boards/newsgroups, personal websites, and people-finding services or
websites are the most common ways to gather information about the victim using the
Internet. The victim is not aware that the Internet has been used to perpetuate an
attack against them.
b Differentiate between passive attacks and active attacks L2 6

| Key | Passive Attacks | Active Attacks |
|---|---|---|
| Definition | Attempts to gain information about the target without his/her permission. | It involves probing the network to discover individual hosts to confirm the information (IP address, operating system type and version, and services on the network) gathered in the passive attack phase. |
| Requirement | Leads to breaches of confidentiality. | Affects the availability, integrity and authenticity of data. |
| Modification | In a passive attack, information remains unchanged. | In an active attack, information is modified. |
| Dangerous for | A passive attack is dangerous for confidentiality. | An active attack is dangerous for integrity as well as availability. |
| Attention | Attention is to be paid on detection. | Attention is to be paid on prevention. |
| Impact on system | A passive attack does not have any impact on the regular functioning of a system. | An active attack can damage the system. |
| Victim | The victim does not get informed in a passive attack. | The victim gets informed in an active attack. |
| Tracking | Comparatively easy to trace. | It is difficult to track; it does not leave any traces of the attacker's interference. |
| Example of attacks | Spying, war driving, eavesdropping, dumpster diving, footprinting, traffic analysis | Session hijacking, man-in-the-middle (MITM), impersonation, DoS, DDoS, etc. |
c Define Bot and Botnet. With a diagram, explain how Botnets create business? L3 6

Ans:
Bot: "An automated program for doing some particular task, often over a network".
A botnet (also known as a zombie army) is a number of Internet computers that, although
their owners are unaware of it, have been set up to forward transmissions (including spam
or viruses).
Any such computer is called a zombie: in effect, a computer "robot" or "bot" that
serves the wishes of some master spam or virus originator.
Most computers compromised in this way are home based. According to a report from
Russian-based Kaspersky Labs, botnets, not spam, viruses, or worms, currently pose the
biggest threat to the Internet.
A botnet is a network of computers infected with a malicious program that allows
cybercriminals to control the infected machines remotely without the user's
knowledge.

Zombie networks have become a source of income for entire groups of
cybercriminals.
If someone wants to start a business and has no programming skills, there are
plenty of "Bot for sale" offers on forums.
Obfuscation and encryption of these programs' code can also be ordered in the
same way to protect them from detection by antivirus tools.
Another option is to steal an existing botnet. The figure shows how a botnet creates
business.

Module-3

Q. 05 a What are hardware key loggers and Anti key loggers? List the advantages of L2 8
using anti loggers

• keys struck on a keyboard, typically in a covert manner so that the person
using the keyboard is unaware that such actions are being monitored.
• A keystroke logger or keylogger is a quicker and easier way of capturing
passwords and monitoring the victim's IT-savvy behavior.

Hardware keyloggers

• To install these keyloggers, physical access to the computer system is
required. Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every
keystroke into a file or in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM
card PINs.
• Each keypress on the keyboard of the ATM gets registered by these
keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank
customers are unaware of their presence.
• Listed are a few websites where more information about hardware
keyloggers can be found:
• http://www.keyghost.com
• http://www.keelog.com
• http://www.keydevil.com
• http://www.keykatcher.com

Antikeylogger

• An antikeylogger is a tool that can detect a keylogger installed on the
computer system and can also remove the tool.
• Advantages of using an antikeylogger are as follows:

1. Firewalls cannot detect the installation of keyloggers on the systems;
hence, an antikeylogger can detect installations of keyloggers.
2. This software does not require regular updates of signature bases to work
effectively such as other antivirus and antispy programs; if not updated, it
does not serve the purpose, which puts the users at risk.
3. Prevents Internet banking frauds. Passwords can be easily gained with the
help of installed keyloggers.
4. It prevents ID theft.
5. It secures e-mail and instant messaging/chatting. (Note: Visit
http://www.anti-keyloggers.com for more information.)

b What is a Proxy server? What is its purpose? L2 6

• Proxy server is computer on a network which acts a s an intermediary for


connections with other computers in that network.
• 1st attacker connects to proxy server
• Proxy server can allow an attacker to hide ID
• Purpose of proxy server

1. Keep the system behind the curtain

2. Speed up access to a resource. It is used to cache the webpages
from a web server.
3. Specialized proxy servers are used to filter unwanted content such
as advertisements.
4. A proxy server can be used as an IP address multiplexer to connect
a number of computers to the Internet when only one IP address
is available.

An advantage of a proxy server is that its cache memory can serve all users.

Fig. Proxy server and Normal server

List of websites for free proxy servers

1. http://www.proxy4free.com
2. http://www.publicproxyservers.com
3. http://www.proxz.com
4. http://www.anonymitychecker.com
5. http://www.surf24h.com
6. http://www.hidemyass.com

c What is a Backdoor? Discuss any four examples of Backdoor Trojans L2 6
Ans:

• A backdoor is a means of access to a computer program that bypasses
security mechanisms.
• Programmers use it for troubleshooting.
• Attackers often use backdoors that they detect or install themselves as
part of an exploit.
• It works in the background and hides from the user.
• It is the most dangerous parasite, as it allows a malicious person to perform
any possible action.
• Programmers sometimes leave such backdoors in their software for
diagnostic and troubleshooting purposes. Attackers discover these
undocumented features and use them.

What does a backdoor do?

1. It allows an attacker to create, delete, rename, copy or edit any file;
change any system setting; alter the Windows registry; run, control and
terminate applications; install arbitrary software.
2. It allows the attacker to control computer hardware devices, modify related
settings, and shut down or restart a computer without asking for user permission.
3. It steals sensitive personal information, logs user activity, and tracks web
browsing habits.
4. It records keystrokes that a user types on a computer's keyboard and
captures screenshots.
5. It sends all gathered data to a predefined E-Mail address.
6. It infects files, corrupts installed applications and damages the entire system.
7. It distributes infected files to remote computers and performs attacks
against hacker-defined remote hosts.
8. It installs a hidden FTP server that can be used by a malicious person.
9. It degrades Internet connection speed and overall system performance.
10. It provides no uninstall feature and hides processes, files and other objects
to complicate its removal as much as possible.

Examples of Backdoor Trojans

1. Back Orifice: It enables a user to control a computer running the Microsoft
Windows OS from a remote location.
2. Bifrost: It can infect Windows 95 through Vista.
3. SAP backdoors: SAP is an Enterprise Resource Planning (ERP)
system and nowadays ERP is the heart of the business technological
platform. These systems handle the key business processes of the
organization, such as procurement, invoicing, human resources
management, billing, stock management and financial planning.
4. Onapsis Bizploit: It is the open-source ERP penetration testing
framework developed by the Onapsis Research Labs. Bizploit assists
security professionals in the discovery, exploration, vulnerability
assessment and exploitation phases of specialized ERP penetration
tests.

OR

Q. 06 a Discuss various types of Viruses categorized based on attacks on
various elements of the system. L3 8
Ans:

Categorized based on attacks on various elements of the system

1. Boot sector viruses: These infect the storage media on which the OS is stored
and which is used to start the computer system. They spread to other systems
when infected disks are shared and pirated software is used.
2. Program viruses: These viruses become active when the program files
(usually with extension .bin, .com, .exe, .ovl, .drv) are executed. The virus
makes copies of itself.
3. Multipartite viruses: It is a hybrid of a boot sector and a program virus.
It infects program files along with the boot record when the infected program
is active.
4. Stealth viruses: It camouflages and/or masks (hides) itself, so detecting
this virus is difficult. It can hide itself in such a way that anti-virus software
also cannot detect it. It resides in memory to remain in the system undetected.
An example of a stealth virus is the Brain virus.
5. Polymorphic viruses: It acts like a "chameleon" that changes its virus
signature (i.e., binary pattern) every time it spreads through the system
(i.e., multiplies and infects a new file). Polymorphic generators are
routines (small programs) that can be linked with the existing viruses.
Generators are not viruses; their purpose is to hide actual viruses under the
cloak of polymorphism. It is difficult to detect a polymorphic virus with
the help of an antivirus program. The first polymorphic generator was the
Mutation Engine (MtE). Other polymorphic generators are Dark Angel's
Multiple Encryptor (DAME), Darwinian Genetic Mutation Engine
(DGME), Dark Slayer Mutation Engine (DSME), MutaGen,
Guns'nRoses Polymorphic Engine (GPE), and Dark Slayer Confusion
Engine (DSCE).
6. Macro viruses: Many applications, such as Microsoft Word and
Microsoft Excel, support macros (i.e., macrolanguages). These
macros are programmed as a macro embedded in a document. Once a
macro virus gets onto a victim's computer, every document he/she
produces will become infected.
7. ActiveX and Java control: All the web browsers have settings about ActiveX
and Java Commands. Little awareness is needed about managing and
controlling these settings of a web browser to prohibit and allow certain
functions to work.
8. Which invites the threats for the computer system being targeted by
unwanted software.

Examples of the World's Virus Attacks

• Conficker
• INF/AutoRun
• Win32 PSW.OnLineGames
• Win32/Agent (Trojan)
• Win32/FlyStudio (Trojan with characteristic of backdoor)
• Win32/Pacex.Gen
• Win32/Qhost
• WMATrojanDownloader.GerCodec

b What is Phishing? How Phishing works? L3 6
Ans:

Phishing was introduced in 1996. Phishing refers to an attack using mail
programs to deceive Internet users into disclosing confidential information
that can then be exploited for illegal purposes.

• While checking electronic mail (E-Mail) one day, a user finds a message
from the bank threatening to close his/her bank account if he/she does
not reply immediately.
• Although the message seems suspicious from its contents, it is difficult
to conclude that it is a fake/false E-Mail.
• Examples: phishing is used for stealing personal and financial data, can
infect systems with viruses, and is also a method of online ID theft in various cases.
• Fake E-Mails use the identity of other reputed companies or individuals.
• People associate phishing with E-Mail messages that spoof or mimic banks,
credit card companies or other businesses such as Amazon and eBay.

Phishers work as follows

1. Planning: Criminals, called phishers, decide the target and determine how
to get E-Mail addresses.
2. Setup: Once phishers know which business/business house to spoof and
who their victims are, they create methods for delivering the message and
collecting the data about the target.
3. Attack: The phisher sends a phony message that appears to be from a reputed
source.
4. Collection: Phishers record the information that victims enter into web
pages or pop-up windows.
5. Identity theft and fraud: Phishers use the information that they have gathered
to make illegal purchases and commit fraud.

Recently, more and more organisations/institutes provide greater online access for
their customers, and hence criminals are successfully using phishing techniques to
steal personal information and conduct ID theft at a global level.

c Discuss four types of DoS attacks L2 6

Ans: 1. Flood attack (Ping flood)

• This is the earliest form of DoS attack and is also known as ping
flood. The attacker sends a large number of ping packets, using the ping
command, which results in more traffic than the victim can handle.
• This requires the attacker to have a faster network connection than the
victim.
• It is very simple to launch, but prevention is difficult.

2. Ping of death attack

• The ping of death attack sends oversized ICMP (Internet Control
Message Protocol) packets; ICMP is a core protocol of the IP suite.
• It is mainly used by networked computers' OSs to send error
messages indicating datagrams to the victim.
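
A defender's view of the two attacks above, as an added example that is not part of the original answer key: it scans packet records for a per-source burst of ICMP echo requests (ping flood) and for fragments that would reassemble past the 65,535-byte IPv4 limit (ping of death). The packet records, addresses and the 100-per-second threshold are constructed assumptions.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 datagram may have
FLOOD_THRESHOLD = 100     # assumed limit: echo requests per source per second

def build_sample():
    """Constructed records, not real traffic:
    (time_s, source, icmp_type, ip_header_len, frag_offset_units, payload_len).
    frag_offset_units is the IPv4 fragment offset field (8-byte units)."""
    packets = []
    for i in range(300):      # 10.0.0.5: 300 echo requests inside one second
        packets.append((1000 + i / 300.0, "10.0.0.5", 8, 20, 0, 64))
    for i in range(5):        # 10.0.0.7: ordinary ping, one per second
        packets.append((1000.0 + i, "10.0.0.7", 8, 20, 0, 64))
    # 10.0.0.9: last fragment of a datagram; non-first fragments carry no
    # ICMP header, so icmp_type is None. Offset 8189 * 8 = 65,512 bytes.
    packets.append((1001.2, "10.0.0.9", None, 20, 8189, 100))
    return packets

def find_ping_floods(packets, threshold=FLOOD_THRESHOLD):
    """Return {source: peak echo requests in a one-second bucket} above threshold."""
    buckets = defaultdict(int)
    for ts, src, icmp_type, _hdr, _off, _plen in packets:
        if icmp_type == 8:                    # 8 = ICMP echo request
            buckets[(src, int(ts))] += 1
    peaks = defaultdict(int)
    for (src, _second), count in buckets.items():
        peaks[src] = max(peaks[src], count)
    return {src: n for src, n in peaks.items() if n > threshold}

def find_oversized_fragments(packets):
    """Return sources whose fragment ends beyond the 65,535-byte datagram limit."""
    offenders = set()
    for _ts, src, _type, hdr_len, off_units, payload_len in packets:
        reassembled_len = hdr_len + off_units * 8 + payload_len
        if reassembled_len > MAX_IP_DATAGRAM:
            offenders.add(src)
    return offenders

if __name__ == "__main__":
    sample = build_sample()
    print("flood sources:", find_ping_floods(sample))
    print("oversized fragment sources:", find_oversized_fragments(sample))
```

The oversize check works on single fragments because the fragment offset plus the fragment's own length already gives the size the receiver would have to reassemble.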
