Backdoors and Trojan Horses
Abstract
Backdoors and Trojan Horses can be embedded into innocuous applications and staged for attack at a later time. Some software programs that embed Backdoors and Trojan Horses are:
Encrypted networks
Encryption is used over the network to prevent attackers from infecting data packets with Backdoors and Trojan Horse programs. Encryption is easily reverse engineered using advanced debugging software like SoftICE. Once decrypted, Backdoors such as the following can be staged:
• Back Orifice 2000;
• Back Orifice;
• NetBus Pro.
Covert channels
Covert channels are defined as any network communication channel that can be exploited

> netstat -ant|grep LISTEN
tcp 0 0 *.31337 *.* LISTEN
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.1024 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.25 *.* LISTEN
tcp 0 0 *.515 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN

>egon# lsof -i|grep bindshell
bindshell 39711 brian 3u inet 0xcb773220 0t0 TCP *:31337 (LISTEN)

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ls;
bindshell bindshell.c bindshell.core bindshell.new debug.txt ktrace.out

* Doly Trojan v1.5 -Connected.
* windows dir is : C:\WINDOWS\
* You are user 1 connected to this server
* Victim's Internet Provider is :
* Victim's Modem Type and speed {If not standart} is :
* Windows version is :
* Windows 95/98 4.10 67766222
* Victim's CPU Processor type is : Pentium Pro
* Icq uin is :
* 0
* Icq Nickname is :
* Victim Net name is :
* Jon Larimer
* Victim computer name is :
* BOOBERRY
* Victim's Time Zone is : Eastern Standard Time
* Victim Date and time of connection is:
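The netstat listing above shows a listener on port 31337 alongside ordinary services. The following shell function is an added example, not part of the original page: it reads `netstat -ant` output and reports listening TCP ports that are missing from a host baseline. The allowlist in `ALLOWED_PORTS` and the function names are assumptions chosen for illustration; the sample input is copied from the listing on this page.

```shell
#!/bin/sh
# Added example: report TCP listeners whose port is not in a host baseline.
# ALLOWED_PORTS is an assumed baseline for illustration; set it per host.
ALLOWED_PORTS="21 22 25 111 515 6000"

# unexpected_listeners: reads `netstat -ant` output on stdin and prints each
# listening port that is not in ALLOWED_PORTS, one per line, sorted.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" && $1 ~ /^tcp/ {
            port = $4                    # local address column
            # Keep what follows the last "." (BSD style) or ":" (Linux style).
            sub(/^.*[.:]/, "", port)
            if (port ~ /^[0-9]+$/ && !(port in ok)) seen[port] = 1
        }
        END { for (p in seen) print p }
    ' | sort -n
}

# Sample input: the LISTEN lines shown in the listing on this page.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 *.31337 *.* LISTEN
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.1024 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.25 *.* LISTEN
tcp 0 0 *.515 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN
EOF
}

# On a live host: netstat -ant | unexpected_listeners
sample_netstat | unexpected_listeners
```

Each port reported can then be mapped to its owning process with `lsof -i`, as the listing above does for bindshell.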