Backdoors

Backdoors are one of the varieties of malicious programs, as well as utilities for hidden access to a computer that are deliberately built in by the developers of some software to perform unauthorized or undocumented actions. The term comes from the English phrase "back door". From the point of view of Russian spelling traditions, a different transliteration would be more appropriate (just as for the loanwords "hash" and "tag"), but that variant has not yet become widespread.

After gaining access to a system, the attacker installs backdoors in order to reconnect to it later, or to keep a fallback route into it, so that the planned operation can be carried out.

Backdoors perform two main functions: quick access to data and remote control of the computer. Their capabilities are broad. A backdoor allows an attacker to do on the victim's computer everything the owner can, only remotely: for example, copy or download files, inject malicious and unwanted programs, read personal data, restart the computer, take screenshots, and so on. Backdoors help criminals break into networks and carry out attacks from the infected computer.

A backdoor is difficult to detect in a system; it may not manifest itself in any way, so the user is often unaware of its presence. Even if the backdoor is identified, the user usually cannot determine who implanted it and what information was stolen. If such a "secret entrance" is discovered in a legitimate program, the developer can conceal their intent by passing it off as an accidental error.

Backdoors have a lot in common with remote administration tools and Trojans. They work on a similar principle but carry more dangerous and complex payloads, which is why they are singled out as a separate category.

Backdoor classification

Backdoors can be classified by where they are embedded. From this point of view, they are either software or hardware.

Hardware-type malicious objects, also called hardware implants, can be introduced by the equipment manufacturer itself at one of the production stages. Such backdoors do not disappear when the software is replaced or updated, and they are not detected by code review or by antivirus scanning.

Software-type backdoors can likewise come from the manufacturer (software implants), but more often they arrive with the direct participation of the user. The owner of the PC can unknowingly install one from a file attached to an e-mail or together with data downloaded from a file-hosting service. The threat is disguised with credible names and text that encourage the victim to open and run the infected object. In addition, software backdoors can be installed on the computer manually, or by other malware, again without the device owner noticing.

There are also backdoors integrated into particular programs and applications. Once such an application is installed, the backdoor has a channel into the computer and gains immediate access to the system or control over that program. Some backdoors penetrate computers using vulnerabilities. Like worms, these samples spread covertly across the information system, and no warnings or dialog boxes appear that would arouse the user's suspicion.

Once in the system, backdoors transmit the desired data to the attacker and also provide the ability to control the machine. This interaction can occur in three ways:

  • Client-server: the malware waits for a connection from outside (BindShell);
  • the backdoor itself connects to the criminal's computer (Back Connect);
  • data exchange between the cybercriminal and their tool is carried out through an additional server (Middle Connect).
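
As an added illustration of the three communication modes above (example code written for this article, not from the original post or from any tool it names): a small defender-side audit that classifies constructed netstat-style connection records as BindShell, Back Connect or Middle Connect. The per-host process baselines and the relay-host list are assumptions made for the demo.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical baseline for this host: processes allowed to listen on
# given ports, and processes allowed to open outbound connections.
EXPECTED_LISTENERS = {"sshd": {22}, "nginx": {80, 443}}
EXPECTED_OUTBOUND = {"apt", "curl", "firefox"}
# Hypothetical list of intermediary servers already known to relay
# traffic between infected hosts and an operator (Middle Connect).
KNOWN_RELAY_HOSTS = {"203.0.113.7"}  # constructed TEST-NET address

@dataclass
class Conn:
    proc: str              # owning process name
    local_port: int
    remote: Optional[str]  # None while the socket is only listening
    state: str             # "LISTEN" or "ESTABLISHED"

def classify(conn: Conn) -> Optional[Tuple[str, str]]:
    """Map a connection to one of the three modes, or None if expected."""
    if conn.state == "LISTEN":
        # BindShell: the implant waits for the operator to connect in.
        if conn.local_port in EXPECTED_LISTENERS.get(conn.proc, set()):
            return None
        return ("BindShell", f"{conn.proc} listens on port {conn.local_port}")
    if conn.state == "ESTABLISHED" and conn.remote is not None:
        if conn.proc in EXPECTED_OUTBOUND:
            return None
        # Middle Connect: traffic goes through a known relay server.
        if conn.remote in KNOWN_RELAY_HOSTS:
            return ("Middle Connect", f"{conn.proc} talks to relay {conn.remote}")
        # Back Connect: the implant dials out to the operator directly.
        return ("Back Connect", f"{conn.proc} dials out to {conn.remote}")
    return None

def audit(conns: List[Conn]) -> List[Tuple[str, str, str]]:
    """Return (process, mode, reason) for every suspicious connection."""
    return [(c.proc, *v) for c in conns if (v := classify(c))]

# Constructed sample snapshot in netstat style (not real data).
SAMPLE = [
    Conn("sshd", 22, None, "LISTEN"),
    Conn("svchost_", 4444, None, "LISTEN"),
    Conn("firefox", 51234, "198.51.100.20", "ESTABLISHED"),
    Conn("update.exe", 51235, "198.51.100.9", "ESTABLISHED"),
    Conn("helper", 51236, "203.0.113.7", "ESTABLISHED"),
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Real deployments would feed this from a live socket table and tune the baselines per host; the value is in comparing observed listeners and outbound peers against what the machine is supposed to do.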

Backdoors are also very diverse in terms of functionality. For example, FinSpy helps cybercriminals download and run any files fetched from the Internet. The Tixanbot program gives the attacker full access to the machine, allowing any operation to be performed. The Briba backdoor undermines the stability and confidentiality of the system and creates a hidden remote access point that can be used to inject other malicious programs.

Object of influence

The targets of backdoor injection are the same as those of other malware. Attackers are interested in the computers of ordinary users, commercial organizations, government agencies, enterprises, and so on. Backdoors are difficult to detect and can remain on a system for months or years, allowing the attacker to monitor the user, steal their data, carry out criminal actions from their computer, exfiltrate confidential information, and download and distribute spam and malware.

Having gained access to the system, an attacker can build a complete picture of the user's identity and use this information for personal gain or criminal purposes. Secret documents, know-how and trade secrets can be stolen from computers and used for the benefit of another (the attacker's own) company or put up for sale. The same applies to databases, bank accounts, phone numbers, e-mail addresses and other information that is useful and readily sold on the black market.

Backdoors are also frightening for their destructive power. After completing the task, or when nothing valuable could be extracted from the victim's computer, a cybercriminal can delete all files or completely format the hard drives.

Source of threat

Where does the threat come from? The backdoor must somehow reach the target machine. As mentioned above, in some cases it is downloaded by the computer owner along with a file. Some malicious objects can be integrated into a program or application, enter the system when that program is installed, and activate at startup.

Who is the source of the threat? Persons with direct access to the computer: both careless actions leading to infection and the deliberate introduction of a malicious program are possible. Other sources are hooligans who launch backdoors for entertainment, scammers seeking personal information, and other types of intruders.

It also happens that programmers deliberately leave backdoors in software for diagnostics and subsequent elimination of defects. But in most cases, cybercriminals are looking for a "loophole" in the computer system with specific goals that lead to their own benefit or material enrichment.

Risk analysis

Almost any computer can fall prey to cybercriminals. Every day, new backdoors appear that allow attackers to control a system, disrupt its operation, and control various processes. For example, in 2017 a new threat called Proton was discovered. This tool can give criminals full control over the computer and allows them to perform a number of other operations, which are described in more detail in the article "New malware for macOS exploits zero-day vulnerability."

You can protect your computer from the penetration of malicious objects by using a firewall, analyzing suspicious activity, and auditing the system. It is also necessary to keep the operating system and software updated, use anti-virus programs from well-known developers, and check the computer for viruses with additional utilities.
 