If you returned home to find a shattered window and a ransacked home, it would be fairly obvious to you that
Computer attackers often install backdoor programs for just that purpose. A backdoor is a secret or hidden passage into your computer system allowing the attacker repeated access without your knowledge. The obvious question then is "how did the attacker get the backdoor software installed on my computer in the first place?"
The answer in most cases is through a Trojan of some sort. Just as the Trojan Horse from Greek mythology was an attack disguised as a gift, a Trojan program is malicious code hidden within a seemingly friendly or useful piece of software. Trojans don't run automatically, but are typically designed to trick or lure the user into running an executable program.
The malicious code in the Trojan could be a variety of things, including a backdoor program such as Sub7 or Back Orifice. The backdoor generally installs a server component on the compromised machine. That server component then opens a certain port or service allowing the attacker to connect to it using the client component of the backdoor software. Some backdoor programs will even alert the attacker when a compromised computer is available online.
You can protect your computer from backdoor software through a variety of ways. First, the obvious:
- Never execute any unknown email file attachments.
- Never install pirated or questionable software.
- Never run file attachments received via instant messaging.
- Be very cautious of files downloaded through peer-to-peer (P2P) networking systems such as Kazaa.
- Always keep your antivirus software up to date.
There are a few less obvious, proactive things you can do as well.
There are tools such as BackOfficer Friendly, available free from NFR Security Inc., which will monitor your system and alert you when an attempt is made to install backdoor software. This program is aimed specifically at detecting the Back Orifice back door, but it also detects other suspicious port scans.
If you suspect that a system may already be compromised, you can use utilities such as Vision from Foundstone Inc., a division of McAfee. Vision maps executables to the ports they use, allowing you to identify suspicious applications.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Bradley also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.
This was first published in October 2005