Detection of Running Backdoors

By Mridul Ahuja

9911103486

JIIT – 128

What is a Backdoor?

A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, while attempting to remain undetected.

A backdoor Trojan can be extremely harmful if not dealt with appropriately. The main function of this type of malware is to create a backdoor in order to access a specific system.

These backdoors are classified as Trojans if they do not attempt to inject themselves into other files. The backdoor may take the form of an installed program (e.g. Back Orifice) or may subvert the system through a rootkit.

Purpose of Backdoors

- Crashing the computer, e.g. with a "blue screen of death" (BSOD)
- Data corruption
- Electronic money theft
- Data theft, including confidential files, sometimes for industrial espionage
- Downloading or uploading of files for various purposes
- Keystroke logging
- Downloading and installing software, including third-party malware and ransomware
- Watching the user's screen
- Viewing the user's webcam
- Modifications of the registry
- Linking the computer to a botnet

Some Notable Backdoors

- Netbus
- Advance System Care
- SubSeven or Sub7
- Back Orifice (Sir Dystic)
- Beast
- Zeus
- Flashback Trojan (Trojan BackDoor.Flashback)
- ZeroAccess
- Koobface
- Vundo

(Image: Zeus Trojan)

Current Problem

- The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted.
- Harder-to-detect backdoors involve modifying object code rather than source code.

Method Used to Detect

1. Running processes are dissected and the modules loaded by each one of them are extracted.
2. If any module matches a known virus module, the program checks whether any port is being used by that process.
3. If any port is found, the process is flagged as a possible virus.
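As an added example (not code from the deck), the three steps above as a small Python script: it intersects each process's loaded modules with a signature list of known-bad module names, and only raises a "suspect" verdict when the matching process also holds a listening port; a module match without a port is reported separately so it is not lost. The process inventory, the two signature names and the /proc/net/tcp excerpt are constructed sample data, not real indicators. The Linux collector at the end is an assumption about where a practitioner would obtain the same modules-and-ports view outside Windows: it reads /proc/<pid>/maps for loaded shared objects and /proc/<pid>/fd plus /proc/net/tcp for listening sockets, and returns an empty list where /proc is absent.

```python
import os
import re
from dataclasses import dataclass, field


@dataclass
class ProcessInfo:
    pid: int
    name: str
    modules: list                               # paths of DLLs / shared objects loaded by the process
    ports: list = field(default_factory=list)   # local ports the process is listening on


def normalize_module(path):
    """Compare modules by lowercase basename so directory and case differences do not hide a match."""
    return os.path.basename(path.replace("\\", "/")).lower()


def matching_modules(proc, known_bad):
    """Steps 1-2 of the deck: intersect the process's loaded modules with the signature list."""
    bad = {normalize_module(m) for m in known_bad}
    return sorted({normalize_module(m) for m in proc.modules} & bad)


def classify(proc, known_bad):
    """Step 3: a signature hit is only escalated to 'suspect' when the process also holds a port."""
    matched = matching_modules(proc, known_bad)
    if not matched:
        return "clean", []
    if proc.ports:
        return "suspect", matched
    return "module-only", matched


def scan(processes, known_bad):
    """Verdict per PID: (label, matched module names)."""
    return {p.pid: classify(p, known_bad) for p in processes}


# Constructed sample data (not real indicators): two placeholder signature names and three processes.
KNOWN_BAD_MODULES = ["sample_backdoor.dll", "sample_hook.so"]
SAMPLE_PROCESSES = [
    ProcessInfo(1001, "explorer.exe", [r"C:\Windows\System32\kernel32.dll"]),
    ProcessInfo(1002, "svchost.exe",
                [r"C:\Windows\System32\ws2_32.dll", r"C:\Temp\SAMPLE_BACKDOOR.DLL"], ports=[12345]),
    ProcessInfo(1003, "notepad.exe", [r"C:\Temp\sample_backdoor.dll"]),   # signature hit, no port
]


# --- Linux collector (assumption, not part of the deck): the same modules-and-ports view from /proc ---

def parse_proc_net_tcp(text):
    """Map socket inode -> local port for sockets in LISTEN state (st column == 0A)."""
    inode_to_port = {}
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, state, inode = fields[1], fields[3], fields[9]
        if state == "0A":
            inode_to_port[inode] = int(local.rsplit(":", 1)[1], 16)
    return inode_to_port


# Constructed excerpt of /proc/net/tcp: one LISTEN socket (inode 12345, port 0x0277 = 631), one ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:C2A4 0100007F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
"""


def collect_linux_processes():
    """Build ProcessInfo records from /proc (returns [] where /proc is absent; skips unreadable processes)."""
    listening = {}
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                listening.update(parse_proc_net_tcp(fh.read()))
        except OSError:
            pass
    procs = []
    for entry in (os.listdir("/proc") if os.path.isdir("/proc") else []):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as fh:
                name = fh.read().strip()
            modules = set()
            with open(f"/proc/{pid}/maps") as fh:      # mapped files ending in .so are the loaded modules
                for ln in fh:
                    parts = ln.split()
                    if len(parts) >= 6 and ".so" in parts[-1]:
                        modules.add(parts[-1])
            ports = set()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                try:
                    m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
                except OSError:
                    continue                             # fd closed between listdir and readlink
                if m and m.group(1) in listening:
                    ports.add(listening[m.group(1)])
        except OSError:
            continue                                     # process exited, or not ours to inspect
        procs.append(ProcessInfo(pid, name, sorted(modules), sorted(ports)))
    return procs


if __name__ == "__main__":
    for pid, (label, hits) in scan(SAMPLE_PROCESSES, KNOWN_BAD_MODULES).items():
        print(pid, label, hits)
    print(f"{len(collect_linux_processes())} live processes collected from /proc")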

Screenshots (slide images not preserved in the extracted text)

References

- Hunting for Metamorphic Engines, by Wing Wong and Mark Stamp
- Hunting for Undetectable Metamorphic Virus, by Da Lin
- Detecting RATs through dynamic analysis using Finite-State Machines, by Gardåsen, Kjetil Tangen
- Remote Administrative Tools: A Comparative Study, by Anis Ismail, Mohammad Hajjar and Haissam Hajjar
- Remote Administrative Trojan/Tool (RAT), by Manjeri N. Kondalwar and Prof. C. J. Shelke
