Malware spotlight: What are backdoors?

Introduction

Imagine staring down an impregnable fortress, or a hardened network, and concluding that there is no conceivable way in without obvious detection. You would probably trade half the tools in your proverbial toolkit for a back door into it. Attackers understand this and have developed a specialized type of Trojan for exactly this situation: the backdoor.

This article gives a detailed explanation of backdoor malware: backdoors versus exploits, how backdoors work, some real-world examples of backdoors, and recommendations for protecting against them.

What are backdoors?

What are backdoors, anyway? A backdoor is any method that allows a user, authorized or not, to bypass the normal security controls and obtain root or other high-privilege access to a system, computer or device. There are two different types of backdoors, and those outside cybersecurity are probably thinking of the non-malware type.

Many first heard of backdoors in 2013, when whistleblower Edward Snowden disclosed a long-running NSA initiative to have companies producing electronic devices and software build backdoors into their products. These backdoors were intended to give intelligence agencies a way around a device's security measures so they could access the information it holds (especially useful during investigations). This is considered a physical backdoor: the deliberately built-in, non-malware type, normally justified as serving a benevolent purpose. Note, though, that a built-in backdoor cannot tell a friendly user from a hostile one, so anyone who discovers it gets the same access.

Malware backdoors are installed by an attacker. Technically they are a form of Trojan rather than a distinct malware family, but their routine use in attack campaigns, combined with their unique capabilities, has put them in a league of their own.
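To make the definition above concrete, here is an added example (constructed for this page, not code from the original article) of the simplest form a backdoor takes in application code: a login routine that silently accepts a planted master password in addition to the real credential. The hardened version beside it removes the bypass, and a small code-review heuristic shows one way to spot such a branch. The user store, the `MAINT_OVERRIDE` secret and the function names are all hypothetical.

```python
import hashlib
import hmac
import inspect
import re

# Constructed example data. The user store maps username -> (salt, PBKDF2 hash);
# a fixed salt keeps the demo deterministic (real code uses a random salt per user).
_SALT = bytes(16)
_ITERATIONS = 50_000


def _hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


USERS = {"alice": (_SALT, _hash(_SALT, "correct horse battery staple"))}

# The planted master password (hypothetical). Anyone who knows it gets in as any
# account without ever touching the stored credential: that is the backdoor.
MAINT_OVERRIDE = "maint-override-2019"


def login_backdoored(username: str, password: str) -> bool:
    """Authentication check with a hidden bypass (deliberately vulnerable)."""
    if password == MAINT_OVERRIDE:   # bypass branch: skips the real check entirely
        return True
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(salt, password), expected)


def login_hardened(username: str, password: str) -> bool:
    """Same check with the bypass removed; the stored hash is the only path in."""
    record = USERS.get(username)
    if record is None:
        _hash(_SALT, password)  # burn the same time so timing does not leak valid usernames
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(salt, password), expected)


# Code-review heuristic: a password should only ever flow into a hash-and-compare,
# so any direct `==` against a variable named password deserves a second look.
_SUSPICIOUS = re.compile(r"\bpassword\b\s*==|==\s*\bpassword\b")


def audit_source(src: str) -> list:
    """Return (line_number, text) for each line that compares a password with ==."""
    return [(n, line.strip()) for n, line in enumerate(src.splitlines(), 1)
            if _SUSPICIOUS.search(line)]


def audit_login_functions() -> dict:
    """Run the heuristic over both login functions defined in this module."""
    return {f.__name__: audit_source(inspect.getsource(f))
            for f in (login_backdoored, login_hardened)}


if __name__ == "__main__":
    for name, fn in (("backdoored", login_backdoored), ("hardened", login_hardened)):
        print(name, "| alice with real password:", fn("alice", "correct horse battery staple"),
              "| unknown user with override:", fn("mallory", MAINT_OVERRIDE))
    for name, hits in audit_login_functions().items():
        print(name, "->", hits or "clean")
```

The regex is deliberately crude; it is there to show the review question (why is a password ever compared directly?) rather than to stand in for a real static-analysis rule. The same idea scales to comparing a session token, an API key or a signature against a literal.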

Backdoors versus exploits

Some consider backdoors and exploits the same thing because of a few technical and logistical similarities, but this is simply not true. To (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QhUoIL2u7qs/