Monday

Hands-on Project 4 - 3 (Practical 5)

Objective: Hosts File Attack

Substituting a fraudulent IP address can be done by either attacking the Domain Name System (DNS) server or the local host table. Attackers can target a local hosts file to create new entries that will redirect users to their fraudulent site. In this project, we will add a fraudulent entry to the local hosts file.

1) Start Internet Explorer.

2) Go to the Course Technology Web site at http://www.course.com/ and to Google at http://www.google.com/ to verify that the name is correctly resolved.





3) Click Start and All Programs and then click Accessories.

4) Right click on Notepad and select Run as administrator.



5) Click File and then Open. Under File Name change from Text Documents (*.txt) to All Files (*.*).

6) Navigate to the file C:\windows\system32\drivers\etc\hosts and open it.

7) At the end of the file, enter 74.125.47.99. This is the IP address of Google.

8) Press Tab and enter www.course.com. In this hosts table www.course.com is now resolved to the IP address 74.125.47.99.

9) Click File and then Save.



10) Open your Web browser and enter the URL www.course.com. What Web site appears?


After www.course.com is entered, the Google web page appears instead of the Cengage Learning web page.



11) Return to the hosts file and remove this entry.

12) Click File and then Save.

13) Close all windows.
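The lab shows the effect by hand; the added example below (not from the textbook or the blog) does the same thing programmatically from a defender's side: it parses a hosts file the way the resolver reads it (first matching line wins, comments ignored), and flags any entry that points a hostname at a routable, non-local address, which is exactly what the fraudulent www.course.com line looks like. The SAMPLE_HOSTS text is constructed for the example.

```python
import ipaddress
import re

# Constructed sample modelled on the lab: a default Windows hosts file
# with the fraudulent entry from step 8 appended at the end.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1   localhost
::1         localhost
74.125.47.99\twww.course.com
"""

def parse_hosts(text):
    """Return [(ip, [hostnames])] from hosts-file text, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, not an entry
        entries.append((str(ip), [h.lower() for h in fields[1:]]))
    return entries

def resolve(text, hostname):
    """Mimic the resolver's hosts-file lookup: first matching line wins,
    and the hosts file is consulted before DNS is ever asked."""
    hostname = hostname.lower()
    for ip, names in parse_hosts(text):
        if hostname in names:
            return ip
    return None

def suspicious_entries(text):
    """Flag entries that map a name to a routable address.

    A workstation's hosts file normally only maps names to loopback,
    link-local or private addresses; anything else deserves a look.
    """
    flagged = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_private or addr.is_link_local:
            continue
        flagged.append((ip, names))
    return flagged
```

Running suspicious_entries over the real file (C:\windows\system32\drivers\etc\hosts on Windows, /etc/hosts elsewhere) on a schedule is a cheap way to catch this kind of tampering.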

Reflection

After doing this project, I find that it is quite easy to add a fraudulent entry to the local hosts file. If doing this is so easy, then I thought that the attackers would have an advantage. The attackers may create new entries that will redirect users to their fraudulent site which may contain viruses or malware that will automatically start downloading into the victim’s computer. Thus, the victim may not know that their computer has been infected.

Hands-on Project 8 – 1 (Practical 7)

Objective: Use Cognitive Biometrics

Cognitive biometrics holds great promise for adding two-factor authentication without placing a tremendous burden on the user. In this project, we will participate in a demonstration of Passfaces.

1) Use your Web browser to go to www.passfaces.com/demo.

2) Under First Time Users enter the requested information and click Click to Enroll.



3) Click Click to continue. After reading the information that appears, click OK.



4) Accept demo as the name and click OK.



5) When asked click Next to enroll now.



6) When the Enroll in Passfaces dialog box appears, click Next.



7) Look closely at the three faces you are presented with. After you feel familiar with the faces, click Next.



8) You will then be asked to think of associations with the first face (who they may look like or who they may remind you of). Follow each step with the faces and click Next after each face.





9) When Step 2 Practice Using Passfaces dialog box appears, click Next.



10) You will then select your faces from three separate screens, each of which has nine total faces. Click on the face (which is also moving as a hint).









11) You can practice one more time. Click Next.

12) When the Step 3 Try Logging On with Passfaces dialog box appears, click Next. Identify your faces and click Next.


After you identify all the faces correctly, you will see a well done screen appear. Press Next to try logging on one final time.





13) Click Done and then click OK.



14) Click Try Passfaces and then click Login.



15) Click OK under the username and identify your faces.


After you successfully identify the faces, you will see “CONGRATULATIONS! You Have Successfully Logged On”, as shown below.



16) Is this type of cognitive biometrics effective? If you came back to this site tomorrow would you remember the three faces?

17) Close all windows when finished.

Reflection

I think this type of cognitive biometrics is effective as I do not need to remember any password. I also don’t need to worry about losing my password; all I need to do is remember the secret faces. If I come back to this site tomorrow, I think I will remember the three faces.

Sunday

Hands-on Project 2 - 2 (Practical 3)

Objective: Use a Keylogger

A keylogger program captures everything that a user enters on a computer keyboard. The program runs invisibly in the background and cannot be detected even from the Windows Task Manager. In this project, we will download and use a keyboard logger.

1) Open your Web browser and enter the URL www.softdd.com/keystrokerecorder/index.html.

2) Click Download Here.



3) When the File Download dialog box appears, click Save and follow the instructions to save this file in a location such as your Desktop or a folder designated by your instructor. When the file finishes downloading, click Run and follow the default installation procedures.

4) Click Run Keyboard Collector and then click OK. If you are asked for a password, click OK.



5) Select the Always Run check box, if necessary.

6) Click Activate/Start, and then click Yes to confirm.



7) Spend several minutes performing normal activity, such as creating a document or sending an e-mail message.



8) Now examine what the keylogger captured. Double-click the Keyboard Collector Trail icon on the desktop.

9) When asked to enter a password, click OK.

10) Click Run Keyboard Collector and then click OK.

11) Click View Your Logs, and then click OK. Notice that the text you typed has been captured.





12) Click Return and then Exit.

13) Now notice that Keyboard Collector is cloaking itself so that it does not appear to be running. Press the Ctrl+Alt+Delete keys and click Start Task Manager.

14) Click the Applications tab to see all of the programs that are currently running. Does Keyboard Collector appear in this list? Why or why not?


As we can see from the Task Manager, Keyboard Collector does not appear in the list. This is because the program runs invisibly in the background and thus is not shown by the Task Manager.

15) Close the Windows Task Manager.

16) Remove Keyboard collector from the computer. Double-click the Keyboard Collector Trail icon on the desktop.

17) When asked to enter a password, click OK.

18) Click Run Keyboard Collector and then click OK.

19) Click Deactivate and then click OK.

20) Click Uninstall and follow the default procedures to uninstall the program.



21) Close all windows.

Reflection

I find that a keylogger is a ‘cunning’ program. This is because I do not know whether there is any keylogger program activated on my computer that captures my important information such as my account password. After doing this project, I finally know how a keylogger operates and how it is used by attackers to capture important information.

Hands-on Project 1 – 4 (Practical 2)

Objective: Scan for Malware Using the Microsoft Windows Malicious Software Removal Tool


When Microsoft Windows updates are installed on your computer (if you have it set to automatically install updates), an updated version of the Microsoft Windows Malicious Software Removal Tool is installed and runs in the background. It checks computers for infections by specific malware and helps remove any infection found. This tool can also be downloaded and run at any time. In this project we will download and run the Microsoft Windows Malicious Software Removal Tool.

1) Open your Web browser and enter the URL www.microsoft.com/security/malwareremove/default.mspx.

2) Click Microsoft Download Center.



3) Click Download.

4) Click Save and save the program to the desired location on your local computer.

5) When the download completes, click Run and follow the default installation instructions.

6) When the Microsoft Windows Malicious Software Removal Tool dialog box appears, click Next and accept any license agreements.



7) Select Quick Scan if necessary.



8) Click Next.

9) Depending on your computer, this scan may take several minutes. Analyze the results of the scan to determine if any malicious software was found on your computer.

10) Click View detailed results of scan.



11) If any malicious software was detected on your computer, run the scan again and select Full Scan.

12) Close all windows.

Reflection

I find that Microsoft Windows Malicious Software Removal Tool is very useful. It helps my computer to scan for prevalent malicious software and helps to remove them. Thus, I will consider using this tool to scan my computer for prevalent malicious software.

Hands-on Project 1 – 2 (Practical 1)

Objective: Use Google Reconnaissance

Just as Google can be used to locate almost anything stored on web servers, it can also be used by attackers in order to uncover unprotected information or information that can be used in an attack. This is sometimes called “Google reconnaissance.” Thus, we will perform Google reconnaissance.

1) Open your Web browser and enter the URL http://www.google.com/.

2) Click Advanced Search to display the Advanced Search screen.

3) First you will search for any Microsoft Excel spreadsheet that contains the words login: and password=. In the text box “Find web pages that have . . . all these words:” enter “login:*” “password=*” (be sure to include the quotation marks).

4) Under File type click the down arrow and select Microsoft Excel (.xls).



5) Click Advanced Search. The pages of results will be displayed. Open selected documents and view their contents. Note that some of the results are only blank spreadsheets that had the headings “Login:” and “Password=”. However, other documents actually contain user login names and passwords. Return to the Google Advanced Search page.

6) This time you will look for a text file that contains a list of passwords in cleartext. In the text box “Find web pages that have . . . all these words:” erase any content and replace it with “index.of passlist” (be sure to include the quotation marks). Under File type click the down arrow and select any format.



7) Click Advanced Search. The pages of results will be displayed. Open selected documents and view their contents. Return to the Google Advanced Search page.

8) Google and other search engines are aware of these attempts by attackers to use their search engines for malicious means. Because of this, the search engines now filter and deny requests for specific types of searches. For example, one type of search that attackers used was to look for a range of credit card numbers that might be available. In the text box “Find web pages that have . . . all these words:” erase any content and replace it with visa 4356000000000000.. 4356999999999999. Note how Google denies this request.





9) Close your Web browser.
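Step 8 states that Google denies a numeric-range query shaped like a block of card numbers. The added example below (my own code, not Google's filter or anything from the textbook) shows how such a filter can be built: it parses the `lo..hi` numrange operator, checks that both endpoints have the length and issuer prefix of a payment card, and, going one step beyond the page's range case, also blocks a lone card-shaped number that passes the Luhn check. The issuer table is limited to three well-known prefixes and is an assumption of the example.

```python
import re

# Google's numrange operator: two integers joined by "..", e.g. 100..200.
NUMRANGE = re.compile(r"(?<!\d)(\d{13,19})\s*\.\.\s*(\d{13,19})(?!\d)")
LONE_NUMBER = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

# Well-known issuer prefixes and PAN lengths (assumed subset for the example).
ISSUERS = {
    "visa": (("4",), (13, 16, 19)),
    "mastercard": (("51", "52", "53", "54", "55"), (16,)),
    "amex": (("34", "37"), (15,)),
}

def issuer_of(number):
    """Return the issuer whose prefix and length match, or None."""
    for name, (prefixes, lengths) in ISSUERS.items():
        if number.startswith(prefixes) and len(number) in lengths:
            return name
    return None

def luhn_valid(number):
    """Luhn check digit test: the property a real PAN has and a random
    digit string usually lacks."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def should_block(query):
    """Return (blocked, reason). Blocks a numrange whose endpoints are
    card-shaped numbers of the same issuer, or a lone Luhn-valid PAN."""
    for lo, hi in NUMRANGE.findall(query):
        iss_lo, iss_hi = issuer_of(lo), issuer_of(hi)
        if iss_lo and iss_lo == iss_hi and len(lo) == len(hi) and int(lo) <= int(hi):
            return True, f"{iss_lo} PAN range {lo}..{hi}"
    for tok in LONE_NUMBER.findall(query):
        iss = issuer_of(tok)
        if iss and luhn_valid(tok):
            return True, f"lone {iss} PAN {tok}"
    return False, ""
```

The same check is useful on the defender's side of a web application: run it over search logs to spot scraping attempts, or over outbound responses to catch card numbers leaking into pages the search engines will index.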

Reflection

After doing this project, I finally know how attackers use this simple search tool to search for unprotected information and passwords. In future, whenever I put my information or password online, I will make sure that they are protected so that attackers can’t access them.

Hands-on Project 3 - 2 (Practical 4)

Objectives: Test AV Software

Antivirus software is important, yet free AV products may not offer the best protection. In this session, we will download a virus test file to determine how the AV software reacts. The file downloaded is not a virus but is designed to appear to an antivirus scanner as if it were a virus. We will need to have antivirus software installed on our computer to perform this session.

1) Check the antivirus settings on your computer. Click Start, click Control Panel, click Security, and then click Security Center.

2) The virus protection setting should be On. If it is not, click the Recommendations button and indicate that you want Windows to monitor the AV software.

3) Close all windows.

4) Open your Web browser and enter the URL www.eicar.org/anti_virus_test_file.htm.

5) Read the “Anti-virus or Anti-Malware test file” information carefully. The file you will download is not a virus but is designed to appear to an antivirus scanner as if it was a virus.

6) Click the file eicar.com, which contains a fake virus. A dialog box will open and ask if you want to download the file. Wait to see what happens. What does your antivirus software do? Close your antivirus message and click Cancel to stop the download procedure.

As you can see, the antivirus software’s Auto-Protect scans any file that is about to be downloaded for viruses and protects our computer by deleting the file straight away if the antivirus software detects a virus.

7) Now click eicar_com.zip. This file contains a fake virus inside a compressed (ZIP) file. What happened?

Our antivirus software is not able to detect the eicar_com.zip file for any viruses because the file is being compressed.

8) If your antivirus software did not prevent you from accessing the eicar_com.zip file, and when the File Download dialog box appears, click Save and download the file to your desktop or another location you want.

9) When the download is complete, click Close, if necessary.

10) Right-click the Start button and then click Explore.

11) In Windows Explorer navigate to the folder that contains the eicar_com.zip file.

12) Right-click the file eicar_com.zip and then click Scan for viruses on the shortcut menu (your menu command might be slightly different). What happened now?


As you can see, our antivirus software starts to scan the 2 files in the eicar_com.zip file for viruses. The antivirus software found 1 risk. After that, the antivirus software deletes one file from eicar_com.zip and leaves the other file unchanged.

13) Return to the Web site and this time click eicarcom2.zip. This file has a double-compressed ZIP file with a fake virus. What happened?

Our antivirus software is not able to detect the eicarcom2.zip file for any viruses because the file is being double-compressed.

14) If your antivirus software did not prevent you from accessing the eicarcom2.zip file, and when the File Download dialog box appears, click Save and download the file to your desktop or another location you want.

15) When the download is complete, click Close, if necessary.

16) Return to Windows Explorer.

17) In Windows Explorer, navigate to the folder that contains the eicarcom2.zip file.

18) Right-click the file eicarcom2.zip and then click Scan for viruses on the shortcut menu (your menu command might be slightly different). What happened now?


As you can see, our antivirus software starts to scan the 3 files in the eicarcom2.zip file for viruses. The antivirus software found 1 risk. After that, the antivirus software deletes one file from eicarcom2.zip and leaves the other files unchanged.

19) Erase both files from your hard drive.

20) Close all windows.
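The lab's three downloads differ only in how deeply the same 68-byte EICAR test string is wrapped (bare, inside a ZIP, inside a ZIP inside a ZIP). The added example below (not from the textbook, the blog, or eicar.org) shows the detection logic an on-access scanner needs to catch all three: recognise the test string, and recurse into archives with a depth and size limit so a crafted archive cannot exhaust the scanner. The three archives are constructed in memory and do not have the same member counts as the real downloads.

```python
import io
import zipfile

# The public EICAR test string (harmless by design; 68 bytes).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 3          # stop recursing into archives nested deeper than this
MAX_MEMBER = 1 << 20   # skip members larger than 1 MiB (zip-bomb guard)

def is_eicar(data):
    """True if data is the EICAR test file: the test string, optionally
    followed by whitespace only (the eicar.org definition)."""
    n = len(EICAR)
    return data[:n] == EICAR and data[n:].strip() == b""

def scan(name, data, depth=0):
    """Return the paths of every EICAR file found in data, descending into
    ZIP archives (including ZIPs inside ZIPs) up to MAX_DEPTH levels."""
    if is_eicar(data):
        return [name]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue          # directories and oversized members are skipped
                member = zf.read(info)
                hits += scan(f"{name}/{info.filename}", member, depth + 1)
    return hits

def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, payload in members.items():
            zf.writestr(fname, payload)
    return buf.getvalue()

# Constructed equivalents of the three downloads in the lab.
EICAR_COM = EICAR + b"\r\n"
EICAR_COM_ZIP = make_zip({"eicar.com": EICAR_COM, "readme.txt": b"test archive"})
EICARCOM2_ZIP = make_zip({"eicar_com.zip": EICAR_COM_ZIP})
```

A product that flags eicar.com but not eicar_com.zip or eicarcom2.zip is missing exactly the recursion in scan; that is the gap the on-demand "Scan for viruses" step in the lab then closes by hand.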

Reflections

After doing this practical, I finally know how the antivirus software reacts to different types of files. If the file is not compressed, the antivirus software will start to scan the file for viruses. However, when the file is compressed, the antivirus software will not be able to scan the file and we have to scan the file for viruses by ourselves. Thus, in future, I will download files that are not compressed so that my antivirus software will be able to scan the file.

Hands-on Project 2 - 1 (Practical 3)

Objectives: Scan for Rootkits Using RootkitRevealer

To help detect the presence of a rootkit, we will need to download and install Microsoft’s RootkitRevealer tool.

1) Open your Web browser and enter the URL www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx.

2) Scroll to the bottom of the page and click on Download RootkitRevealer (231 KB). When the File Download dialog box appears, click Save and download the file to your desktop or another location you want.

3) When the download is complete, click Open to open the compressed (.ZIP) file.

4) Click Extract all files to launch the Extraction Wizard. Follow the steps in the wizard to extract all files to your desktop or another location you want.

5) Navigate to the location where the files were extracted and start the program by double-clicking on RootkitRevealer.exe. If you receive an Open File – Security Warning dialog box, click Run. Click Agree to the RootkitRevealer License Agreements.

6) The RootkitRevealer screen will appear.

7) Click File and then Scan to begin a scan of the computer for a rootkit.

8) When completed, RootkitRevealer will display discrepancies between the Windows registry keys (which are not always visible to specific types of scans) and other parts of the registry. Any discrepancies that are found do not necessarily indicate that a rootkit was detected.

Results:

9) Close RootkitRevealer and all windows.

Reflections

From what I know, a rootkit is a set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and hide all traces of its existence. Thus it will be dangerous if our computer contains a rootkit. Hence, I find that RootkitRevealer is very useful to me as it helps me to reveal the rootkits on my computer so that I can remove them.