Trojan Horses, Rootkits and Backdoors

 

Trojan horses

Basic principal with all malicious programs is that they need the user support to do the damage to a computer. That is the reason why Trojan horses try to deceive the users by showing them some other form of e mail. It might come as a different file extension also. If the user does not run the file or it get disturbed by shutting down the system or some sort of activity, the Trojan horse will terminate.

In general terms if any program which is run by a user by getting deceived and which will create dangerous malicious payloads. These payload affects can be in many forms. It can be either deleting files or installing unwanted soft wares. When the Trojan horse is used as a dropper it will allow other hackers and worms to attack the network easily.

In most of the times these Trojan horse and spyware programs comes as a bundled package. It means that the malware program comes with another good program which the user is looking for. When the program is downloaded from the internet the risk of this happening becomes very high. Some malware programs will have an end user agreement which tell some information about spyware. But many users are agreeing to these agreements without reading them at all.

Rootkits

The most dangerous aspect with any attack is that it will not be visible to the user. Even in the system activity list it will not be seen. This happens both with the attacks from programs and direct human attacks. This happens due to the rootkits technique. It will change the operating system settings such that the malware program will not be visible. Rootkits was first used by an attacker who gained administrator access to a UNIX system. But after that any program which does the purpose was called rootkits.

When an attack is detected in a system, the scanning program will try to remove it. Since they are not visible and hide their identity it is very difficult to detect them. But the worst part is, even if they are detected they will become very hard to remove. One example for this is the Jargon file tale which affected Xerox CP-V timeshare system

In that case each ghost job created a new copy of the program thinking that the other job has been killed. This takes only few milliseconds time. But the fact is that the other one is not killed and it also thinks in the same way. It is very hard to stop this process unless the system is crashed deliberately.

There are many modern malware that uses this technique and start making copies of programs.

Backdoors

Backdoor programs are used to gain unauthorized access to system. Backdoor soft wares are used by hackers to gain access to systems so that they can send in the malicious soft wares to that particular system.

There is a rumor going around that the computer manufactures are installing backdoor programs in their systems before selling to get access for customer care support. But the hackers are using Trojan horses, worms or other viruses to install backdoors in the system.