It is seemingly useful program containing malware (rogue software)
visiting website can cause to infect the system.click to install npav but installspyware, keyloggerrootkit remote control
PoisonIVY-botnet command control centerbanker Fox-steals banking-Data-often through "Free" Software MP3 file
Classical Rootkits focus on linux based system.Usually attacker replace the /bin/login file with the another version.He can also save the password of other users.Sometimes Classical Rootkit hide many things.(network infromation(netstat,ifconfig),Disk Usage (du,df),Listing of File(ls),Finding of file(find),process status(ps))PROMISC flag in ifconfig file.(sniffing program)KernelRootkitsMost powerful rootkit.It replaces the kernel of OS.It can show network information, file status ,disk usage, port number, process status and other thing.It can also off monitaring ,antivirus.It is very hard to detect.Reverse Control.If there is a private network and victims system is running on the specific i[ address then it becomes difficult for attacker to communicate with the victim’s system.In this situation the backdoor come into picture.Attacker establish a server with the specific ip address and the backdoor can communicate with it inside the firewallEg :- making use of the HTTP protocol the backdoor can request for the commands for the attacker and the attacker can send it in the HTTTP format.Backdoor timing.The attacker can make use of the service which are used for updating the system.In Linux the cron command and in windows the scheduler .He can time the backdoor in such a way at the time when the system administrator in not in the office.
Rootkit:-take control of a systemBuilt in backdoorOften deployed as a torjangood s\w +bad s\w =trojanVery stealthy(silent)-obsure(hide) registry-folder-processesrun under system privileges mod access torjanvery dangerous
Self replicating malware, attached to a files, often to other computers.Lives forever(unless date term exists).spread mostly through human intervention.
WormsSelf replicating malware ,mem-resident,It spread through self replicating Possible resource-intensiveReplicates over network(shares)Often Bot-nets(to create army of bot-net)Distribute itself to everyoneEg:-COnflickerDeny access to administrative accessristrict access to security sitespayload=-actual code which runs on the system after exploitation.
Trojans and backdoors
TROJANS AND BACKDOORS
By Gaurav Dalvi
3rd Year CSE
BIRTH OF TROJAN
the story of old Greek.(Greek vs. Troy).
The Application works same as the story and is the
most powerful application used for attacking
A new game, an electronic mail or a free software
from unknown person can implant Trojan or a
The first Trojan computer infection is believed to
have appeared in 1986 as a shareware program
WHAT IS TROJAN?
malicious payload inside a legitimate program.
TYPES OF TROJANS
Denial Of Service Trojan.
Remote Access Trojan.
Data sending Trojan.
Security Software Disabler Trojan.
HOW SYSTEMS GET INFECTED BY TROJAN?
Visiting untrusted websites.
With the help of tools
Run key of regedit
Run put in it to run
malicious software .
May appear as Malicious
A Backdoor allows a malicious attacker to maintain
privileged access to a compromised host
Unix back doors are typically installed via a Worm
,Root Kit or manually after a system has been
Windows back doors are typically installed via a
Virus, Worm or Trojan Horse.
Through ActiveX (embedded in website).
Protection offered by Microsoft.
Use different protocols and port numbers.
replace the /bin/login
file with the another
He can also save the
password of other
Rootkit hide many
Most powerful rootkit.
It replaces the kernel
It can also off
It is very hard to
SPREADING MALWARE .
Fake programs (pop up/rogue security).
Internet downloads .
Email attachments, Links.
Browser + email software Bugs.
May contain frame which contain malicious code.
Physical Access through keyloggers ,spywares.
PROTECTION FROM MALWARE
Use non-admin account.
Use User Access Control.
Back Orifice 2000.(Bo2k)
Oldest and most powerful backdoor used for
training issues in windows machine.
It is Open source and is free available on Sorce
BACK ORIFICE 2000
It was written by Deldog one of the member of the
„Cult of the dead cow‟ group.
It was introduce in the DefCon Conference in 1999.
It was made for good use for monitoring activity but
many people make the malicious use of it.
ABILITIES OF BO2K
BO2K is very small but very complete in abilities.
Its client code is just 100KB can be easily implanted
on the victims computer.
It can use different kinds of Hiding technique.
In recent version it has the reverse client
As it is open source you can customize according
to your need.
MAKING A TROJAN USE BO2K
You can use binder application to bind the B02K
client code with other program.
Elite wrap , Saran Wrap, Silk Rope which are
mostly use to wrap BO2K.