Detection of Running Backdoors
By Mridul Ahuja
9911103486
JIIT – 128
What is a Backdoor?
A backdoor in a computer system is a method of bypassing normal authentication to obtain unauthorized remote access to a computer, while attempting to remain undetected.
A backdoor Trojan can be extremely harmful if not dealt with appropriately. The main function of this kind of malware is to open a backdoor through which the attacker can access a specific system.
Such backdoors are classified as Trojans when they do not attempt to inject themselves into other files, that is, they do not self-replicate the way a file-infecting virus does. The backdoor may take the form of an installed program (e.g. Back Orifice) or may subvert the system through a rootkit.
Purpose of Backdoors
- Crashing the computer, e.g. with a "blue screen of death" (BSOD)
- Data corruption
- Electronic money theft
- Data theft, including confidential files, sometimes for industrial espionage
- Downloading or uploading of files for various purposes
- Keystroke logging
- Downloading and installing software, including third-party malware and ransomware
- Watching the user's screen
- Viewing the user's webcam
- Modification of the registry
- Linking the computer to a botnet
Some notable backdoors
- NetBus
- Advance System Care
- SubSeven (Sub7)
- Back Orifice (Sir Dystic)
- Beast
- Zeus
- Flashback Trojan (Trojan BackDoor.Flashback)
- ZeroAccess
- Koobface
- Vundo
(Figure: Zeus Trojan)
Current problem
The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted.
The backdoors that are harder to detect are those planted by modifying object code (the compiled binary) rather than source code: a review of the source will not reveal them, so detection has to look at what actually runs on the system.
Method used to detect
1. Running processes are dissected and the modules loaded by each one of them are extracted.
2. Each extracted module is compared with a list of known malicious modules.
3. If any module matches, the program checks whether the process has any network port in use.
4. If a port is found, the process is reported as a probable backdoor; a module match without a port is still reported as suspicious.
Matching on a module's file name alone is easy to evade (the attacker simply renames the file), so comparing a hash of the module contents against the known-bad list is more robust.
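The following is an added, stand-alone illustration of the detection method above; it is not code from the presentation or from any of the tools it names. It assumes a snapshot of processes, their loaded modules and their sockets has already been collected (on a Windows host that would come from `tasklist /m` and `netstat -ano`; here the snapshot, the module bytes and the known-bad signature set are all constructed inline). Modules are matched by SHA-256 of their contents rather than by name, and a process is reported as a likely backdoor only when a matched module is combined with a listening or established port.

```python
"""Detect running backdoors: match loaded modules against a known-bad
signature set, then check whether the matching process holds a port.

Added example code; the signature set and the process snapshot are
constructed for illustration and do not describe real malware."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature set: SHA-256 of module contents -> family label.
# CONSTRUCTED for this example; a real deployment would load hashes from
# a threat-intelligence feed or an AV signature database.
KNOWN_BAD_MODULES: Dict[str, str] = {
    sha256(b"constructed-backdoor-module-1"): "Hypothetical.Backdoor.Alpha",
    sha256(b"constructed-backdoor-module-2"): "Hypothetical.Backdoor.Beta",
}

# Socket states that indicate the process can actually receive or is
# holding a remote connection; TIME_WAIT etc. are leftovers, not a channel.
ACTIVE_STATES = {"LISTENING", "ESTABLISHED"}

Port = Tuple[str, int, str]  # (protocol, local port, state)


@dataclass
class Process:
    pid: int
    name: str
    modules: Dict[str, bytes]  # module path -> module file contents
    ports: List[Port]


@dataclass
class Finding:
    pid: int
    name: str
    matched_modules: List[str]
    active_ports: List[Port]

    @property
    def verdict(self) -> str:
        if self.matched_modules and self.active_ports:
            return "likely backdoor"
        if self.matched_modules:
            return "suspicious module, no active port"
        return "clean"


def match_modules(proc: Process) -> List[str]:
    """Steps 1-2: hash every loaded module and look it up in the signature set."""
    hits = []
    for path, data in proc.modules.items():
        family = KNOWN_BAD_MODULES.get(sha256(data))
        if family:
            hits.append(f"{path} [{family}]")
    return hits


def active_ports(proc: Process) -> List[Port]:
    """Step 3: ports owned by the process that could carry remote-control traffic."""
    return [p for p in proc.ports if p[2] in ACTIVE_STATES]


def scan(processes: List[Process]) -> Dict[int, Finding]:
    """Step 4: report every process with a module hit, keyed by PID."""
    findings: Dict[int, Finding] = {}
    for proc in processes:
        hits = match_modules(proc)
        if hits:
            findings[proc.pid] = Finding(proc.pid, proc.name, hits, active_ports(proc))
    return findings


# Constructed snapshot standing in for tasklist /m + netstat -ano output.
SNAPSHOT: List[Process] = [
    Process(1234, "svchost.exe",
            {r"C:\Windows\System32\ntdll.dll": b"benign-system-module"},
            [("TCP", 135, "LISTENING")]),
    Process(4321, "updater.exe",
            {r"C:\Windows\System32\ntdll.dll": b"benign-system-module",
             r"C:\Users\Public\helper.dll": b"constructed-backdoor-module-1"},
            [("TCP", 31337, "LISTENING")]),
    Process(5555, "notes.exe",
            {r"C:\Temp\x.dll": b"constructed-backdoor-module-2"},
            []),
    Process(6666, "sync.exe",
            {r"C:\Temp\y.dll": b"constructed-backdoor-module-2"},
            [("TCP", 49152, "TIME_WAIT")]),  # stale socket, not an active channel
]


def main() -> None:
    for f in scan(SNAPSHOT).values():
        ports = ", ".join(f"{p[0]}/{p[1]} {p[2]}" for p in f.active_ports) or "-"
        print(f"pid {f.pid:<6} {f.name:<14} {f.verdict:<34} ports: {ports}")
        for m in f.matched_modules:
            print(f"    module: {m}")


if __name__ == "__main__":
    main()
```

Processes with no module hit are never reported, so a benign process that merely listens on a port (svchost.exe above) produces no noise; conversely a matched module whose only socket is in TIME_WAIT is downgraded to "suspicious", which is the edge case the state filter exists for.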
Screenshots (images not reproduced in this text)