Michael is a junior security analyst at the National Security Agency (NSA), working primarily on breaking terrorist encrypted messages. The NSA has a number of methods it uses to decipher encrypted messages, including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and for Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and from these he is able to glean email addresses of some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file, readme.txt, and sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist’s computer. Then the keylogger emails those files to Michael twice a day with a built-in SMTP server. What technique has Michael used to disguise this keylogging software?
A. Steganography
B. Wrapping
C. ADS
D. Hidden Channels
I have been going through this. Thank you so much for the nice info, and I hope very soon you’ll provide some more info.
Not sure I agree with stego being the answer here. If he’s using steganography, this requires the terrorists to be using the same stego application and to be kind enough to extract the Trojan for him. I would have thought Wrapping is a more accurate answer: if you wrap the Trojan in the .txt file, there’s no need to extract it; simply clicking on the file would execute the Trojan.
I suppose both are possible but only one would actually work.
Wrapping can be detected by email clients, so it is not preferred.
I agree wrapping can be detected easily unless you write your own wrapper; however, I don’t see how steganography even works here. If the hidden package automatically extracts upon execution of the host file, then it’s not steganography by definition.
Agree with Phoenix’s comments!
One method that Michael thought of using was to hide malicious code inside seemingly harmless programs (Wrapping)
So, which of those is the answer? I am taking the exam V.7 and I would like to know. Can someone clarify this answer please? Many thanks!
… and what exactly is a “mapping program file”? Do you mean just a regular file? Or are we talking about a program? How much do you want to bet that ‘wrapping’ is not the answer, only because they didn’t officially call it a ‘trojan’ in this example, and that the readme.txt is not a ‘program’, rather a ‘file’? I think they were a little too literal here, and technically, if you hide something in something else, it’s steganography, so that’s the answer they want.
I saw another exam that said it’s C (ADS). Yes, you can hide keylogger.exe in any text file with ADS on a Windows system; if you open the readme, the keylogger will execute…
It can’t be ADS, as he packaged it and sent it via email. If an exe is packaged in a .txt and then copied to a different drive, the .exe is lost.
A
The answer is wrong. It’s B, as in “wrapping a Trojan inside an innocuous executable”.
(Although, technically, wrapping a Trojan in a .txt file won’t work; the file has to be executable.)
Well, thinking Hollywood style, it can be stego :-).
The terrorists will view the readme.txt file using their own deciphering application, and using a backdoor in the cipher algorithm the code will be executed 🙂
It says “malicious code” and not “malicious file”. That means wrapping and ADS are not available options, because they hide malicious files, not code.
So it is steganography, which hides code/text inside a file.
B is really the only one that makes sense. If you used stego, you would need a program to decode it that is more complicated than the malware…
The correct answer is: B. Wrapping
The keyword is “hide malicious code inside seemingly harmless programs.”
Steganography: hiding TEXT inside a photo.
ADS: can’t be sent; it is saved on the local drive only (NTFS).
Hidden channels (covert channels) are communication channels that transmit information without the authorization or knowledge of the channel’s designer, owner, or operator.
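Several posts above argue about option C on the grounds that an alternate data stream lives only on the local NTFS volume and does not survive an email attachment or a copy to a non-NTFS drive. From the defender’s side, the practical consequence is that a payload parked in a stream behind an innocuous file such as readme.txt is invisible to a normal directory listing but trivially enumerable. The PowerShell below is an added example written for this thread, not code from any poster; it walks a directory tree and lists every non-default stream so an analyst can spot such hidden content. The $Root parameter and the decision to ignore the browser-written Zone.Identifier stream are assumptions of this example.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams under a path.
# A file with a hidden stream shows up as e.g. readme.txt with Stream "payload.exe";
# a plain "dir" or Explorer view would show only readme.txt.
# $Root is an assumed parameter; Zone.Identifier is the well-known mark-of-the-web
# stream that browsers add to downloads, so it is filtered out as benign noise.
param([string]$Root = ".")

Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
  ForEach-Object {
    # Get-Item -Stream * returns one object per stream, including the default :$DATA
    Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
      Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
      ForEach-Object {
        [pscustomobject]@{
          File   = $_.FileName   # host file, e.g. C:\Users\x\Downloads\readme.txt
          Stream = $_.Stream     # hidden stream name, e.g. payload.exe
          Bytes  = $_.Length     # size of the hidden content
        }
      }
  } | Format-Table -AutoSize
```

Run it against a download folder or a mail client’s attachment cache; any row it prints deserves a look, because legitimate software rarely writes streams other than Zone.Identifier. As the posts note, copying the host file to a FAT/exFAT volume or attaching it to an email carries only the default stream, so a stream found on disk was created locally and not delivered inside the attachment itself.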