7 most common application backdoors

Introduction

The popular adage “we often get in quicker by the back door than the front” has withstood the test of time, even in our advanced, modern world. Application backdoors have become rampant in today’s business environment, making it mandatory to take the same precautions with them that we would take to safeguard the back door of our homes.

In this article, we’ll explore and explain the most common backdoors you may encounter while using an application.

1. ShadowPad

Back in 2017, security researchers discovered an advanced backdoor integrated into the server management applications of South Korea- and U.S.-based NetSarang. Dubbed ShadowPad, the backdoor has the ability to download and install additional malware as well as spoof data. If the data transmitted to the backdoor creators were of any interest, their C&C (command and control) servers would respond by triggering the backdoor’s function to execute additional payloads.

This attack highlighted the need to stay vigilant against enterprise application backdoors, in which a corporate application holding critical data is compromised in order to give the attacker open access to the software for process creation, surveillance and data theft.

2. Back Orifice

Developed in 1998, the Back Orifice backdoor enabled its creators to remotely control systems running Microsoft Windows. The idea was to demonstrate underlying security problems in Microsoft Windows 98, so it had capabilities such as hiding itself within the application.

This was welcomed by the majority of cybercriminals, who managed to use Back Orifice as a malicious payload. The payload creates a copy of itself in the Windows system directory and inserts a value containing its filename into the Windows registry below the key. The backdoor even has a successor in the shape of BO2K (Back Orifice 2000), which enables unauthorized access to Windows (Read more...)

This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Qv5r4I9UDok/