Friday, 29 April 2011

Trojans and Backdoors - 1

We will begin with:


  • Terms of reference for various malicious code

  • Defining Trojans and Backdoors

  • Understanding the various backdoor genre

  • Overview of various Trojan tools

  • Learning effective prevention methods and countermeasures

  • Overview of Anti-Trojan software

  • Learning to generate a Trojan program
Trojans and Backdoors

A Trojan horse is:

  • An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

  • A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

  • Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
Trojan horses can do anything that the user who executes the program on the remote machine can. This includes deleting files, transmitting to the intruder any files that can be read, changing any files that can be modified, installing other programs such as programs that provide unauthorized network access that the user is entitled to and executing privilege-elevation attacks; that is, the Trojan horse can attempt to exploit a vulnerability to increase the level of access beyond that of the user running the Trojan horse. If this is successful, the Trojan horse can operate with the increased privileges and go about installing other malicious code.
If the user has administrative access to the operating system, the Trojan horse can do anything that an administrator can.
A compromise of any system on a network may have consequences for the other systems on the network. Particularly vulnerable are systems that transmit authentication material, such as passwords, over shared networks in clear text or in a trivially encrypted form, which is very common.
If a system on such a network is compromised via a Trojan (or another method), the intruder may be able to record usernames and passwords or other sensitive information as it navigates the network.
Additionally, a Trojan, depending on the actions it performs, may falsely implicate the remote system as the source of an attack by spoofing and thereby cause the remote system to incur liability.

No comments:

Post a Comment