CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [46]
Trojans, Backdoors, Viruses, and Worms
CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
✓ Trojans and Backdoors
• What Is a Trojan?
• What Is Meant by Overt and Covert Channels?
• List the Different Types of Trojans
• How Do Reverse-Connecting Trojans Work?
• Understand How the Netcat Trojan Works
• What Are the Indications of a Trojan Attack?
• What Is Meant by "Wrapping"?
• What Are the Countermeasure Techniques Used to Prevent Trojans?
• Understand Trojan Evading Techniques
✓ Viruses and Worms
• Understand the Differences between a Virus and a Worm
• Understand the Types of Viruses
• How a Virus Spreads and Infects a System
• Understand Antivirus Evasion Techniques
• Understand Virus Detection Methods
Trojans and backdoors are two ways a hacker can gain access to a target system. They come in many different varieties, but they all have one thing in common: They must be installed by another program, or the user must be tricked into installing the Trojan or backdoor on their system. Trojans and backdoors are potentially harmful tools in the ethical hacker's toolkit and should be used judiciously to test the security of a system or network.
Viruses and worms can be just as destructive to systems and networks as Trojans and backdoors. In fact, many viruses carry Trojan executables and can infect a system and then create a backdoor for hackers. This chapter discusses the similarities and differences among Trojans, backdoors, viruses, and worms. All of these types of malicious code, or malware, are important to ethical hackers because they are commonly used by hackers to attack compromised systems.
Trojans and Backdoors
A backdoor is a program or a set of related programs that a hacker installs on a target system to allow access to the system at a later time. A backdoor's goal is to remove the evidence of initial entry from the system's log files. But a backdoor may also let a hacker retain access to a machine it has penetrated even if the intrusion has already been detected and remedied by the system administrator.
Adding a new service is the most common technique used to disguise backdoors in the Windows operating system. Before installing a backdoor, a hacker must investigate the system to find out which services are running. The hacker could add a new service and give it an inconspicuous name or, better yet, choose a service that's never used and that is either activated manually or completely disabled.
This technique is effective because, when a hacking attempt occurs, the system administrator usually focuses on looking for something odd on the system and leaves all existing services unchecked. The backdoor technique is simple but efficient: The hacker can get back into the machine with the least amount of visibility in the server logs. The backdoored service lets the hacker operate with higher privileges (in most cases, as the System account).
Remote Administration Trojans (RATs) are a class of backdoors used to enable remote control over a compromised machine. They provide apparently useful functions to the user and, at the same time, open a network port on the victim computer. Once the RAT is started, it behaves as an executable file, interacting with certain registry keys responsible for starting processes and sometimes creating its own system services. Unlike common backdoors, RATs hook themselves into the victim operating system and always come packaged with two files: the client file and the server file. The server is installed in the infected machine, and the client is used by the intruder to control the compromised system.
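Both of the preceding points (a backdoor hidden in a renamed or repurposed Windows service, and a RAT server that opens a listening port) are easiest to catch by comparing a host against a known-good baseline. The script below is an added example, not code from the book: it assumes service and listening-port snapshots are represented as plain Python data (on a real host they would be taken from sc query or Get-Service and netstat -ano output, once at build time and again during an investigation), and every service name, path and port in the sample snapshots is constructed for illustration.

```python
"""Baseline comparison of Windows services and listening ports (added example).

Assumptions (not from the book): snapshots are plain Python objects, the
TRUSTED_DIRS list is a site-specific policy, and all sample data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str          # service (registry) name
    binary_path: str   # ImagePath, possibly followed by arguments
    start_type: str    # "auto", "manual" or "disabled"
    account: str       # account the service runs as


# Directories where legitimate service binaries are normally found (assumption).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def _norm_path(binary_path: str) -> str:
    """Lower-cased ImagePath with leading whitespace and a leading quote removed."""
    return binary_path.strip().lstrip('"').lower()


def service_findings(baseline, current):
    """Report the disguises the text describes: a newly added service, a dormant
    (manual/disabled) service switched to auto-start, a changed binary path, and
    any service whose binary lives outside the trusted directories."""
    findings = []
    known = {s.name: s for s in baseline}
    for svc in current:
        prior = known.get(svc.name)
        if prior is None:
            findings.append(f"new service {svc.name!r} running as {svc.account} "
                            f"from {svc.binary_path}")
        else:
            if _norm_path(prior.binary_path) != _norm_path(svc.binary_path):
                findings.append(f"service {svc.name!r} binary changed: "
                                f"{prior.binary_path} -> {svc.binary_path}")
            if prior.start_type != "auto" and svc.start_type == "auto":
                findings.append(f"service {svc.name!r} start type changed "
                                f"{prior.start_type} -> auto")
        if not _norm_path(svc.binary_path).startswith(TRUSTED_DIRS):
            findings.append(f"service {svc.name!r} binary outside trusted "
                            f"directories: {svc.binary_path}")
    return findings


def new_listeners(baseline_ports, current_ports):
    """(port, process) pairs listening now that were not at baseline; a RAT
    server opening its control port shows up here."""
    return sorted(set(current_ports) - set(baseline_ports))


# Constructed sample snapshots (not real hosts).
BASELINE_SERVICES = [
    Service("wuauserv", "C:\\Windows\\System32\\svchost.exe -k netsvcs", "manual", "LocalSystem"),
    Service("RemoteRegistry", "C:\\Windows\\System32\\svchost.exe -k localService",
            "disabled", "NT AUTHORITY\\LocalService"),
    Service("Spooler", "C:\\Windows\\System32\\spoolsv.exe", "auto", "LocalSystem"),
]
CURRENT_SERVICES = [
    Service("wuauserv", "C:\\Windows\\System32\\svchost.exe -k netsvcs", "manual", "LocalSystem"),
    # a never-used, disabled service repointed at another binary and set to auto-start
    Service("RemoteRegistry", "C:\\Users\\Public\\rr.exe", "auto", "LocalSystem"),
    Service("Spooler", "C:\\Windows\\System32\\spoolsv.exe", "auto", "LocalSystem"),
    # a newly added service with an inconspicuous name
    Service("WinHelper", "C:\\ProgramData\\winhelper.exe", "auto", "LocalSystem"),
]
BASELINE_PORTS = {(135, "svchost.exe"), (445, "System"), (3389, "svchost.exe")}
CURRENT_PORTS = BASELINE_PORTS | {(5151, "winhelper.exe")}


def run_report():
    """Returns (service findings, new listeners) for the sample snapshots."""
    return (service_findings(BASELINE_SERVICES, CURRENT_SERVICES),
            new_listeners(BASELINE_PORTS, CURRENT_PORTS))


if __name__ == "__main__":
    svc, ports = run_report()
    print("\n".join(svc))
    for port, proc in ports:
        print(f"new listening port {port} owned by {proc}")
```

The comparison deliberately keys on name: the disguise relies on the administrator recognising the service name and not looking further, so the detector looks precisely at what changed underneath an unchanged name (binary path, start type) in addition to flagging names that did not exist before.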
What Is a Trojan?
A Trojan is a malicious program disguised as something benign. Trojans are often downloaded along with another program or software package. Once installed on a system, they can cause data theft and loss, and system crashes or slowdowns; they can also be used as launching points for other attacks such as Distributed Denial of Service (DDoS). Many Trojans are used to manipulate files on the victim computer, manage processes, remotely run commands, intercept