Access Control Fundamentals
10. Access Control Threats
10.10. Backdoor/Trapdoor
Overview
- A backdoor is a malicious computer program, or some other means, that provides an attacker with unauthorized remote access to a compromised system by exploiting vulnerabilities in installed software and bypassing normal authentication.
- A backdoor works in the background and hides from the user. It is very similar to a virus and is therefore quite difficult to detect and completely disable.
- A backdoor is one of the most dangerous types of parasite, as it allows a malicious person to perform any possible action on a compromised computer. The attacker can use a backdoor to:
  - spy on a user,
  - manage files,
  - install additional software or dangerous threats,
  - control the entire system, including any present applications or hardware devices,
  - shut down or reboot a computer, or
  - attack other hosts.
- A backdoor often has additional harmful capabilities such as keystroke logging, screenshot capture, file infection, or even total system destruction or another payload. Such a parasite is a combination of different privacy and security threats; it works on its own and does not need to be controlled at all.
- Most backdoors are autonomous malicious programs that must somehow be installed on a computer. Some parasites do not require installation, as their parts are already integrated into particular software running on a remote host. Programmers sometimes leave such backdoors in their software for diagnostic and troubleshooting purposes. Hackers often discover these undocumented features and use them to break into the system.
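The last point above, a diagnostic bypass left inside a program's own login code, is shown here beside a version with a single authentication path. This is an added example, not part of the original notes; the account name, password and function names are hypothetical.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(users: dict) -> dict:
    """Build a constructed sample credential store: user -> (salt, hash)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash(password, salt))
    return store

def check_store(store: dict, user: str, password: str) -> bool:
    """Normal authentication: compare against the stored hash only."""
    # Unknown users get a dummy salt and an empty hash, which never matches.
    salt, expected = store.get(user, (b"\x00" * 16, b""))
    return hmac.compare_digest(_hash(password, salt), expected)

# Hypothetical diagnostic account left in by a developer (constructed values).
_DIAG_USER, _DIAG_PASS = "diag", "support-1234"

def login_with_trapdoor(store: dict, user: str, password: str) -> bool:
    # Flaw: this branch returns before the credential store is consulted, so
    # the account works on every installation and cannot be disabled there.
    if user == _DIAG_USER and password == _DIAG_PASS:
        return True
    return check_store(store, user, password)

def login_hardened(store: dict, user: str, password: str, audit_log: list) -> bool:
    # Single code path: every account, support accounts included, must exist
    # in the store, so it can be rotated, disabled and audited.
    ok = check_store(store, user, password)
    audit_log.append((user, "success" if ok else "failure"))
    return ok
```

In the hardened version a support account is an ordinary store entry, so removing it from the store removes the access, and every attempt leaves an audit record.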
Countermeasure
- Powerful antivirus and anti-spyware products