Thursday 31 January 2013

Backdoor and Trojan Development


As intrusion detection and firewalling technologies have improved, so
have the backdoor programs. The simple TCP-based remote shell
utilities have been superseded by UDP- and ICMP-based programs that
support encrypted data channels. Controlling these backdoors with UDP
packets allows them to be deployed behind firewalls that permit UDP
traffic, typically for DNS on port 53; similarly, if the firewall in
question passes ICMP, echo request and reply packets can carry the
backdoor's traffic. The use of encrypted data channels means that
intrusion detection software can no longer match signatures against
the packet payload, making detection of these backdoors even more
difficult: what remains visible to the defender is the shape of the
traffic (the ports and protocols in use, packet sizes and timing, and
whether the payload actually conforms to the protocol the port is
supposed to carry) rather than its content.
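The paragraph above leaves the defender's side implicit: once the payload is encrypted, signature matching fails, but a backdoor pushed through a firewall hole for UDP/53 is still not speaking DNS. Below is an added example, not code from the original post, that checks a UDP/53 payload for structural DNS validity (header opcode and Z bit, question count, label lengths and name length, query class) and, for well-formed queries, flags tunnel-shaped names by label length and byte entropy. All three sample payloads are constructed, not captured traffic; the thresholds (MAX_QUESTIONS, the 32-byte label length and the 3.5 bits/byte cut-off) are illustrative assumptions, not standards; and the tunnel-shaped third sample goes beyond the post's raw-UDP backdoor to the case where the attacker wraps data in a valid query.

```python
import math
import struct

# Constructed samples (not captured traffic).
# 1) A plain DNS query: ID 0x1234, RD set, one question for example.com A IN.
LEGIT_DNS_QUERY = (
    struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    + b"\x07example\x03com\x00"
    + struct.pack(">HH", 1, 1)
)
# 2) 40 bytes standing in for an encrypted backdoor message sent to UDP/53.
#    Not real cipher output; the bytes were simply chosen to look like one.
ENCRYPTED_BLOB = bytes.fromhex(
    "d47b3e917c02a5f9e1830b6d"
    "9a2cf05e37c861ab04de92f61f58c37ab90e46ed258c73b1fa1960d7"
)
# 3) A well-formed TXT query whose first label is a 48-char hex string, the shape
#    a data-in-QNAME tunnel produces (a case beyond the post's raw-UDP backdoor).
TUNNEL_LIKE_QUERY = (
    struct.pack(">HHHHHH", 0x5678, 0x0100, 1, 0, 0, 0)
    + bytes([48]) + b"3f9a1c7e2b8d4f60a5e19c3d7b2f8e4a6c0d9b1e5f3a7c2d"
    + b"\x06tunnel\x07example\x00"
    + struct.pack(">HH", 16, 1)
)

ASSIGNED_OPCODES = {0, 1, 2, 4, 5, 6}  # QUERY, IQUERY, STATUS, NOTIFY, UPDATE, DSO
VALID_QCLASSES = {1, 3, 4, 254, 255}   # IN, CH, HS, NONE, ANY
MAX_QUESTIONS = 4                      # assumption: real clients send 1, never dozens


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, log2(len) when every byte is distinct."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))


def _parse_qname(payload: bytes, offset: int):
    """Parse an uncompressed QNAME at offset; return (labels, next_offset) or None.
    Compression pointers (0xC0..) are rejected on purpose: clients do not use them
    in question names, and a strict parser gives a covert channel less room.
    """
    labels, consumed = [], 0
    while True:
        if offset >= len(payload):
            return None                         # ran off the end before the root label
        length = payload[offset]
        if length == 0:
            return labels, offset + 1
        if length > 63 or offset + 1 + length > len(payload):
            return None                         # illegal label length or truncated label
        labels.append(payload[offset + 1:offset + 1 + length])
        offset += 1 + length
        consumed += 1 + length
        if consumed > 255:                      # RFC 1035 total name length limit
            return None


def parse_dns_questions(payload: bytes):
    """Return [(labels, qtype, qclass), ...] if payload is structurally valid DNS, else None."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", payload[:12])
    if (flags >> 11) & 0xF not in ASSIGNED_OPCODES or flags & 0x0040:  # Z bit must be 0
        return None
    if not 1 <= qdcount <= MAX_QUESTIONS:
        return None
    offset, questions = 12, []
    for _ in range(qdcount):
        parsed = _parse_qname(payload, offset)
        if parsed is None or parsed[1] + 4 > len(payload):
            return None
        labels, offset = parsed
        qtype, qclass = struct.unpack(">HH", payload[offset:offset + 4])
        offset += 4
        if qclass not in VALID_QCLASSES:
            return None
        questions.append((labels, qtype, qclass))
    return questions


def classify_udp53_payload(payload: bytes) -> str:
    """'not-dns' for raw covert traffic, 'dns-suspicious' for tunnel-shaped names, else 'dns'."""
    questions = parse_dns_questions(payload)
    if questions is None:
        return "not-dns"
    for labels, _qtype, _qclass in questions:
        # assumption: a label this long and this random is machine-generated, not a hostname
        if any(len(lbl) >= 32 and shannon_entropy(lbl) > 3.5 for lbl in labels):
            return "dns-suspicious"
    return "dns"


if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_DNS_QUERY), ("blob", ENCRYPTED_BLOB), ("tunnel", TUNNEL_LIKE_QUERY)):
        print(f"{name:6s} entropy={shannon_entropy(pkt):.2f} bits/byte -> {classify_udp53_payload(pkt)}")
```

Run as a script, the encrypted blob is rejected before any content is inspected (its header carries an unassigned opcode and an impossible question count), the plain query passes, and the tunnel-shaped query passes the structural check but is flagged by the label heuristic. The parser is deliberately stricter than a resolver (responses, EDNS-only messages and compression pointers in a question would all be rejected), so in production treat "not-dns" on port 53 as a triage signal to pull the flow for inspection rather than as an automatic block decision.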

Deployment

Backdoors can also be deployed on "virgin" systems without first
compromising them through other means. This is accomplished by
embedding the backdoor in an email attachment, an ActiveX control or
a file offered for download on the internet. Wrapper utilities such as
Silkrope and Saranwrap exist which bind the Trojan to a seemingly
legitimate executable, so that the backdoor installs silently when the
victim runs the host program.
Well-known backdoor programs on the Microsoft Windows platform
include:
• Back Orifice.
• NetBus.
