When attackers obtain root-level access to a server, such
as using a buffer overflow exploit or a privilege escalation
exploit, they will want to do two things:
1. Install a backdoor
2. Cover their tracks
Backdoors allow attackers to remotely access a system
again in the future. For example, the attacker may have
used a particular security hole to get root-level access to a
computer. However, over time, that particular security hole
may be closed, preventing the attacker from accessing the
system again. In order to avoid being shut out in the future,
attackers install backdoors. These backdoors take different
forms, but all allow an attacker to access the server again
without going through the standard login procedures and
without having to repeat the attack that gave them access in
the first place.
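Because a backdoor is designed to bypass the normal login path, the defender's counterpart is to baseline what the server should look like and flag departures from it. The script below is an added example, not code from the original text: it compares a stored baseline of listening sockets and UID-0 accounts against a current snapshot and reports new listeners and new root-equivalent accounts. The snapshot lines are constructed to resemble `ss -lntup` output and /etc/passwd; the baseline sets and the process names are assumptions for the example.

```python
"""Baseline comparison for two common backdoor indicators.

Added example (not from the original text). Compares a stored baseline of
listening sockets and UID-0 accounts with a current snapshot. The sample
snapshot text is constructed to look like `ss -lntup` output and
/etc/passwd; in real use these would be read from the live system.
"""
import re

# Assumed baseline for this host (what a clean build is expected to expose).
BASELINE_LISTENERS = {("tcp", 22, "sshd"), ("tcp", 80, "nginx")}
BASELINE_ROOT_ACCOUNTS = {"root"}

# Constructed sample resembling `ss -lntup` output (header plus three listeners).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      5      0.0.0.0:31337     0.0.0.0:*         users:(("nc",pid=4410,fd=3))
"""

# Constructed sample resembling /etc/passwd; "toor" is a second UID-0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

# Matches: proto, state, recv-q, send-q, local addr:port, peer, users:(("proc",...
_SS_LINE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)


def parse_listeners(text):
    """Return a set of (proto, port, process) for each listening-socket line."""
    found = set()
    for line in text.splitlines():
        m = _SS_LINE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2)), m.group(3)))
    return found


def parse_root_accounts(text):
    """Return the set of usernames whose UID field is 0 (root-equivalent)."""
    accounts = set()
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            accounts.add(fields[0])
    return accounts


def find_changes(ss_text, passwd_text,
                 baseline_listeners=BASELINE_LISTENERS,
                 baseline_root=BASELINE_ROOT_ACCOUNTS):
    """Diff the current snapshot against the baseline; return sorted lists."""
    current_listeners = parse_listeners(ss_text)
    current_root = parse_root_accounts(passwd_text)
    return {
        "new_listeners": sorted(current_listeners - baseline_listeners),
        "missing_listeners": sorted(baseline_listeners - current_listeners),
        "new_root_accounts": sorted(current_root - baseline_root),
    }


if __name__ == "__main__":
    for key, items in find_changes(SAMPLE_SS, SAMPLE_PASSWD).items():
        print(f"{key}: {items}")
```

On the constructed sample this reports one unexpected listener (tcp/31337 owned by `nc`) and one extra UID-0 account (`toor`); a missing baseline listener is also reported, since a replaced or stopped service is itself worth a look. The baseline should be captured from a known-good build and stored off-host, because an attacker with root can edit anything kept locally.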
Many worms install backdoors as a part of their malicious
payload. Code Red II, for example, installed a backdoor that
provided access to the C and D drives of the compromised
Web server from anywhere on the Internet. Other common
backdoor programs are NetBus and Back Orifice, which
allow attackers to remotely control a compromised server.