How attackers install backdoors and what to do about it


Tony Bradley
09.29.2005


This tip originally appeared on SearchWindowsSecurity.com, a sister site of SearchSMB.com.


If you returned home to find a shattered window and a ransacked home, it would be fairly obvious to you that you'd been burglarized. But, if the thief knew about a secret entrance to your home through which he could enter unseen, and he was careful not to disturb anything, you may never even know he was there.

Computer attackers often install backdoor programs for just that purpose. A backdoor is a secret or hidden passage into your computer system allowing the attacker repeated access without your knowledge. The obvious question then is "how did the attacker get the backdoor software installed on my computer in the first place?"

The answer in most cases is through a Trojan of some sort. Just as the Trojan Horse from Greek mythology was an attack disguised as a gift, a Trojan program is malicious code hidden within a seemingly friendly or useful piece of software. Trojans don't run automatically, but are typically designed to trick or lure the user into running an executable program.

The malicious code in the Trojan could be a variety of things, including a backdoor program such as Sub7 or Back Orifice. The backdoor generally installs a server component on the compromised machine. That server component then opens a certain port or service allowing the attacker to connect to it using the client component of the backdoor software. Some backdoor programs will even alert the attacker when a compromised computer is available online.

You can protect your computer from backdoor software in a variety of ways. First, the obvious:

There are a few less obvious, proactive things you can do as well.

There are tools such as BackOfficer Friendly, available free from NFR Security Inc., which will monitor your system and alert you when an attempt is made to install backdoor software. This program is aimed specifically at detecting the Back Orifice backdoor, but it also detects other suspicious port scans.

If you suspect that a system may already be compromised, you can use utilities such as Vision from Foundstone Inc., a division of McAfee. Vision maps executables to the ports they use, allowing you to identify suspicious applications. chkrootkit is another useful tool. It can help identify system binaries that have been modified by a backdoor, and it runs various tests and checks for signs of a backdoor or other system compromise.
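The executable-to-port mapping described above can also be reproduced from the output of the built-in Windows commands `netstat -ano` and `tasklist /fo csv /nh`. The following is an added example, not code from the original tip or from Vision; the sample output, the `updater32.exe` name and the baseline are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:54320          0.0.0.0:0              LISTENING       3612
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     2304
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:54321          *:*                                    3612
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"System","4","Services","0","144 K"
"svchost.exe","884","Services","0","9,120 K"
"chrome.exe","2304","Console","1","181,204 K"
"updater32.exe","3612","Console","1","2,048 K"
'''

# Hypothetical baseline: (protocol, port, image) tuples expected on this host.
BASELINE = {("TCP", 135, "svchost.exe"), ("TCP", 445, "System")}

def pid_to_image(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(tasklist_csv)) if row}

def listeners(netstat_text):
    """Yield (proto, port, pid) for TCP LISTENING sockets and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # outbound or established connection, not a listener
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles [::]:445
        yield f[0], port, int(f[-1])

def unexpected_listeners(netstat_text, tasklist_csv, baseline):
    """Return sorted listeners whose (proto, port, image) is not in the baseline."""
    images = pid_to_image(tasklist_csv)
    found = {(p, port, images.get(pid, "<unknown>")) for p, port, pid in listeners(netstat_text)}
    return sorted(found - baseline)

if __name__ == "__main__":
    for proto, port, image in unexpected_listeners(NETSTAT, TASKLIST, BASELINE):
        print(f"unexpected listener: {proto}/{port} owned by {image}")
```

A listener that falls outside the baseline is a lead for investigation, not proof of compromise; the owning executable still has to be checked.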


About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.

