SlideShare a Scribd company logo

Detection of running backdoors

M
mridulahuja

This document discusses backdoor Trojans and how they can bypass authentication to gain unauthorized access to a computer system. Backdoor Trojans are classified as viruses that create a backdoor to access a specific system. They do not spread to other files. Common backdoors take the form of installed programs or subvert the system through a rootkit. Backdoors can enable harmful actions like crashing the computer, data theft, keylogging, and linking the computer to a botnet. Popular backdoor Trojans mentioned include Netbus, Subseven, Back Orifice, Beast, and Zeus. Detecting backdoors is challenging as they can modify object code rather than just source code. Analysis of running processes and any open

1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
By mridul ahuja 9911103486 JIIT – 128
A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, while attempting to remain undetected.
Backdoor Trojan can be extremely harmful if not dealt with appropriately. The main function of this type of virus is to create a backdoor in order to access a specific system.
These backdoors are classified as Trojans if they do not attempt to inject themselves into other files.The backdoor may take the form of an installed program (e.g. Back Orifice) or may subvert the system through a rootkit.
Crashing the computer, e.g. with "blue screen of death" (BSOD) Data corruption Electronic money theft Data theft, including confidential files, sometimes for industrial espionage Downloading or uploading of files for various purposes
Keystroke logging Downloading and installing software, including third-party malware and ransomware Watching the user's screen Viewing the user's webcam Modifications of registry Linking computer to botnet
 Netbus Advance System Care  Subseven or Sub7  Back Orifice (Sir Dystic)  Beast  Zeus  Flashback Trojan (Trojan BackDoor.Flashback)  ZeroAccess  Koobface  Vundo
Detection of running backdoors
The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Harder to detect backdoors involve modifying object code, rather than source code
Running processes are dissected and modules being used in each one of them are extracted. If any module matches with a virus module, the program checks if any port is being used by that process. If any port is found , the process may be a virus .
Detection of running backdoors
Detection of running backdoors
 Hunting for Metamorphic Engines by Wing Wong , Mark Stamp  Hunting for Undetectable Metamorphic Virus by Da Lin  Detecting RATs through dynamic analysis using Finite- State Machines by Gardåsen, Kjetil Tangen  Remote Administrative Tools : A Comparative Study by Anis Ismail, Mohammad Hajjar, Haissam Hajjar  Remote Administrative Trojan/Tool (RAT) by Manjeri N. Kondalwar , Prof. C.J. Shelke
Detection of running backdoors

More Related Content

PPTX
Pentesting with linux
Hammad Ahmed Khawaja
 
PPTX
What is mprext.dll?
FileInspect
 
PPTX
COMPUTER SECURITY AND OPERATING SYSTEM
faraz hussain
 
PPTX
Security & protection in operating system
Abou Bakr Ashraf
 
PPTX
What is BRCLR.DLL?
FileInspect
 
PPT
OS Security 2009
Deborah Obasogie
 
PPTX
Operating system security
Sarmad Makhdoom
 
PPT
Presentation on FBI VIRUS
Sunanda Chakraborty
 
Pentesting with linux
Hammad Ahmed Khawaja
 
What is mprext.dll?
FileInspect
 
COMPUTER SECURITY AND OPERATING SYSTEM
faraz hussain
 
Security & protection in operating system
Abou Bakr Ashraf
 
What is BRCLR.DLL?
FileInspect
 
OS Security 2009
Deborah Obasogie
 
Operating system security
Sarmad Makhdoom
 
Presentation on FBI VIRUS
Sunanda Chakraborty
 

What's hot (20)

PPTX
Dickmaster
DickMaster1
 
PPTX
Operating system security
Rachel Jeewa
 
PPTX
O p
saman Iftikhar
 
PDF
Persistence in windows
Arpan Raval
 
PPTX
What is BFE.DLL?
FileInspect
 
PPTX
Operating system security
Ramesh Ogania
 
PPTX
Protection and security
mbadhi
 
PDF
OPERATING SYSTEM SECURITY
RohitK71
 
PPTX
Security
Pooja Talreja
 
PPTX
Protection and security of operating system
Abdullah Khosa
 
PDF
Spo1 t18
SelectedPresentations
 
PDF
Stuxnet
bueno buono good
 
PPTX
System security
ReachLocal Services India
 
PPTX
Computer securety
rushil ahmed
 
PPTX
BackDoors Seminar
Chaitali Patel
 
PPTX
Security in Windows operating system
abdullah roomi
 
PPT
Op Sy 03 Ch 61a
Google
 
PPTX
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
PPTX
TIC
DickMaster1
 
PPT
Windows Security in Operating System
Meghaj Mallick
 
Dickmaster
DickMaster1
 
Operating system security
Rachel Jeewa
 
O p
saman Iftikhar
 
Persistence in windows
Arpan Raval
 
What is BFE.DLL?
FileInspect
 
Operating system security
Ramesh Ogania
 
Protection and security
mbadhi
 
OPERATING SYSTEM SECURITY
RohitK71
 
Security
Pooja Talreja
 
Protection and security of operating system
Abdullah Khosa
 
Spo1 t18
SelectedPresentations
 
Stuxnet
bueno buono good
 
System security
ReachLocal Services India
 
Computer securety
rushil ahmed
 
BackDoors Seminar
Chaitali Patel
 
Security in Windows operating system
abdullah roomi
 
Op Sy 03 Ch 61a
Google
 
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
TIC
DickMaster1
 
Windows Security in Operating System
Meghaj Mallick
 
Ad

Similar to Detection of running backdoors (20)

PPTX
Trojan virus & backdoors
Shrey Vyas
 
PPTX
Trojans and backdoors
Gaurav Dalvi
 
PPT
Trojan backdoors
seth edmond
 
PPT
Trojan Backdoors
JauwadSyed
 
PDF
Ceh v8 labs module 06 trojans and backdoors
Asep Sopyan
 
PPT
list of Deception as well as detection techniques for maleware
AJAY VISHKARMA
 
PPTX
Introduction to Malwares
Abdelhamid Limami
 
PPTX
Malicious Software Identification
sandeep shergill
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 5
CAS
 
PPTX
Final malacious softwares
Mirza Adnan Baig
 
ODP
Computer Viruses & Management Strategies
Dasun Hegoda
 
PDF
Backdoor Entry to a Windows Computer
IRJET Journal
 
PPTX
RAT - Kill or Get Killed! by Karan Bansal
OWASP Delhi
 
PPTX
Harmful software
BijoKG2
 
PDF
Static Detection of Application Backdoors
Tyler Shields
 
PPTX
Tools and methods used in cybercrime
patelripal99
 
PPTX
Introduction to cyber security engineering MODULE 3.pptx
aniketkumarsingh715
 
PDF
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
PPTX
Trojan ppt pianca
Priyanka Daimary
 
PDF
Ce hv8 module 06 trojans and backdoors
Mehrdad Jingoism
 
Trojan virus & backdoors
Shrey Vyas
 
Trojans and backdoors
Gaurav Dalvi
 
Trojan backdoors
seth edmond
 
Trojan Backdoors
JauwadSyed
 
Ceh v8 labs module 06 trojans and backdoors
Asep Sopyan
 
list of Deception as well as detection techniques for maleware
AJAY VISHKARMA
 
Introduction to Malwares
Abdelhamid Limami
 
Malicious Software Identification
sandeep shergill
 
RRB JE Stage 2 Computer and Applications Questions Part 5
CAS
 
Final malacious softwares
Mirza Adnan Baig
 
Computer Viruses & Management Strategies
Dasun Hegoda
 
Backdoor Entry to a Windows Computer
IRJET Journal
 
RAT - Kill or Get Killed! by Karan Bansal
OWASP Delhi
 
Harmful software
BijoKG2
 
Static Detection of Application Backdoors
Tyler Shields
 
Tools and methods used in cybercrime
patelripal99
 
Introduction to cyber security engineering MODULE 3.pptx
aniketkumarsingh715
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
Trojan ppt pianca
Priyanka Daimary
 
Ce hv8 module 06 trojans and backdoors
Mehrdad Jingoism
 
Ad

Detection of running backdoors

  • 2. A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, while attempting to remain undetected.
  • 3. Backdoor Trojan can be extremely harmful if not dealt with appropriately. The main function of this type of virus is to create a backdoor in order to access a specific system.
  • 4. These backdoors are classified as Trojans if they do not attempt to inject themselves into other files.The backdoor may take the form of an installed program (e.g. Back Orifice) or may subvert the system through a rootkit.
  • 5. Crashing the computer, e.g. with "blue screen of death" (BSOD) Data corruption Electronic money theft Data theft, including confidential files, sometimes for industrial espionage Downloading or uploading of files for various purposes
  • 6. Keystroke logging Downloading and installing software, including third-party malware and ransomware Watching the user's screen Viewing the user's webcam Modifications of registry Linking computer to botnet
  • 7.  Netbus Advance System Care  Subseven or Sub7  Back Orifice (Sir Dystic)  Beast  Zeus  Flashback Trojan (Trojan BackDoor.Flashback)  ZeroAccess  Koobface  Vundo
  • 9. The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Harder to detect backdoors involve modifying object code, rather than source code
  • 10. Running processes are dissected and modules being used in each one of them are extracted. If any module matches with a virus module, the program checks if any port is being used by that process. If any port is found , the process may be a virus .
  • 13.  Hunting for Metamorphic Engines by Wing Wong , Mark Stamp  Hunting for Undetectable Metamorphic Virus by Da Lin  Detecting RATs through dynamic analysis using Finite- State Machines by Gardåsen, Kjetil Tangen  Remote Administrative Tools : A Comparative Study by Anis Ismail, Mohammad Hajjar, Haissam Hajjar  Remote Administrative Trojan/Tool (RAT) by Manjeri N. Kondalwar , Prof. C.J. Shelke