Trojans and Backdoors
Introduction
Trojan horses and malware have a long history. These tools represent a real danger to the security of end-user systems. If an attacker can trick or seduce a user into installing one of these programs, the hacker can gain full control of the system. Much of this malware works under the principle of "you cannot deny what you must permit," meaning that these programs use ports such as 25, 53, and 80, ports the administrator usually has left open. If the programs don't use these ports, the hacker always has the option of using port redirection or covert communication channels. Because port redirection allows the hacker to redirect traffic to open ports, port redirection tools are a dangerous category of tool.
This chapter begins by reviewing the history of Trojans. It then discusses specific Trojan types and their means of transmission. You will see that Trojans can range from benign to dangerous. Some Trojans are written specifically to kill hard drives or disable software firewall protection. Next, this chapter looks at covert communications, port redirection, and backdoors. Each of these adds to the hacker's ability to secretly move data into and out of the network. Spyware and keystroke loggers are also discussed. Finally, this chapter looks at some methods for detecting various types of malicious programs.