TROJANS AND BACKDOORS
By Gaurav Dalvi
3rd Year CSE
Reg no:-2011BCS501
MALWARE FAMILY.
• Trojans.
• Viruses.
• Worms.
• Rootkits.

BIRTH OF TROJAN
• The story of the ancient Greeks (Greeks vs. Troy).
• The application works the same way as the story and is the most powerful application used for attacking computers.
• A new game, an e-mail or free software from an unknown person can implant a Trojan or a backdoor.
• The first Trojan computer infection is believed to have appeared in 1986 as a shareware program called "PC-Write".

WHAT IS TROJAN?
• A malicious payload inside a legitimate program.

TYPES OF TROJANS
• Destructive Trojan.
• Denial of Service Trojan.
• Remote Access Trojan.
• Data-sending Trojan.
• Proxy Trojan.
• FTP Trojan.
• Security Software Disabler Trojan.

HOW SYSTEMS GET INFECTED BY TROJAN?
• Visiting untrusted websites.
• Email attachments.
• Pirated software.

TROJAN DETECTION
Manual
• Run key in regedit: Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Entries are put in it to run malicious software.
• May appear as malicious drivers: C:\Windows\System32\Drivers\*.sys
With the help of tools
• Process Explorer.
• IceSword (port monitoring).
• DriverView.
• Srvman.
• Sigverif.
• TrojanHunter.

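The manual Run key check above can be scripted for triage. This is an added example, not part of the original slides: it parses the text printed by `reg query` for the Run key and flags entries worth a closer look. The sample output and both heuristics (user-writable paths, generic launcher programs) are assumptions made for illustration.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Constructed sample of `reg query` output for the HKLM Run key (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    svch0st    REG_SZ    C:\Users\Public\svch0st.exe
    Helper    REG_SZ    rundll32.exe C:\Users\alice\AppData\Roaming\h.dll,Start
"""

# Assumed triage heuristics; tune them to the environment being audited.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%temp%", "%appdata%", "%public%")
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
             "cscript.exe", "powershell.exe", "cmd.exe"}

# reg.exe prints: four spaces, value name, four spaces, type, four spaces, data.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# First program in a command line: a quoted path, a path ending in a known
# extension (it may contain spaces), or the first whitespace-delimited token.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=[\s,]|$)|^(\S+)',
                 re.IGNORECASE)


def parse_run_key(text):
    """Return (value name, command line) pairs from `reg query` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m["name"], m["data"].strip()))
    return entries


def executable(command):
    """Return the program a Run entry starts, without its arguments."""
    m = EXE.match(command)
    return next(g for g in m.groups() if g) if m else ""


def audit(text):
    """Map each suspicious value name to the reasons it was flagged."""
    findings = {}
    for name, command in parse_run_key(text):
        reasons = []
        lowered = command.lower()
        # Check the whole command so launcher arguments are covered too.
        if any(marker in lowered for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if basename(executable(command)).lower() in LAUNCHERS:
            reasons.append("started through a generic launcher")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a lead, not a verdict: confirm the file's signature and origin before removing anything.
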
BACKDOOR CONCEPT
• A backdoor allows a malicious attacker to maintain privileged access to a compromised host.
• Unix backdoors are typically installed via a worm, a rootkit, or manually after a system has been initially compromised.
• Windows backdoors are typically installed via a virus, worm or Trojan horse.

BACKDOOR INSTALLATION.
• Through Trojan.
• Through ActiveX (embedded in website).
• Protection offered by Microsoft.

HIDING MECHANISMS.
• Cryptography.
• Rootkits.
• Use different protocols and port numbers.
• Reverse control.
• Backdoor timing.

ROOTKITS
Classical rootkits
1. Usually the attacker replaces the /bin/login file with another version.
2. He can also save the passwords of other users.
3. Sometimes a classical rootkit hides many things.
Kernel rootkits
1. The most powerful rootkit.
2. It replaces the kernel of the OS.
3. It can also turn off monitoring and antivirus.
4. It is very hard to detect.

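A classical rootkit hides things by swapping user-space tools, and the editor's notes for this slide list ps among them. The following added example (not part of the original slides) shows a cross-view check on Linux: it compares the PIDs the kernel exposes under /proc with the PIDs that `ps` reports. The function names and the sample snapshots are constructed for illustration.

```python
import os
import subprocess


def pids_from_proc(names):
    """PIDs are the all-numeric directory names under /proc."""
    return {int(n) for n in names if n.isdigit()}


def pids_from_ps(output):
    """Parse `ps -e -o pid=` output: one PID per line, no header."""
    return {int(tok) for tok in output.split() if tok.isdigit()}


def hidden_pids(first, second):
    """Each argument is a (proc_pids, ps_pids) snapshot.

    A PID is reported only if /proc lists it and ps omits it in BOTH
    snapshots, which filters out processes that merely started or exited
    between reading /proc and running ps.
    """
    return sorted((first[0] - first[1]) & (second[0] - second[1]))


def snapshot():
    """Take one live (proc_pids, ps_pids) snapshot on a Linux host."""
    proc = pids_from_proc(os.listdir("/proc"))
    ps = subprocess.run(["ps", "-e", "-o", "pid="],
                        capture_output=True, text=True, check=True)
    return proc, pids_from_ps(ps.stdout)


# Constructed snapshots: PID 977 is never shown by ps, PID 2044 is a
# short-lived process that appears in only one snapshot.
SNAP_A = ({1, 412, 977, 1503, 2001}, pids_from_ps("  1\n 412\n1503\n2001\n"))
SNAP_B = ({1, 412, 977, 1503, 2044}, pids_from_ps("  1\n 412\n1503\n"))

if __name__ == "__main__":
    print("constructed data:", hidden_pids(SNAP_A, SNAP_B))
    print("this host:", hidden_pids(snapshot(), snapshot()))
```

This only catches the classical, user-space kind: a kernel rootkit can filter /proc itself, which is why the slide calls it very hard to detect.
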
VIRUSES
WORMS
SPREADING MALWARE.
• Fake programs (pop-up/rogue security).
• Internet downloads.
• Internet Messenger.
• Email attachments, links.
• Browser and email software bugs.
• May contain a frame that contains malicious code.
• Physical access through keyloggers, spyware.

PROTECTION FROM MALWARE
• New updates.
• Personal firewall.
• Use non-admin account.
• Use User Access Control.

CASE STUDY.
• Back Orifice 2000 (BO2K).
• The oldest and most powerful backdoor, used for training purposes on Windows machines.
• It is open source and is freely available on the SourceForge website.

BACK ORIFICE 2000
• It was written by DilDog, one of the members of the "Cult of the Dead Cow" group.
• It was introduced at the DefCon conference in 1999.
• It was made for good use, for monitoring activity, but many people make malicious use of it.

ABILITIES OF BO2K
• BO2K is very small but very complete in abilities.
• Its client code is just 100 KB and can be easily implanted on the victim's computer.
• It can use different kinds of hiding techniques.
• In recent versions it has the reverse client connection.
• As it is open source, you can customize it according to your needs.

MAKING A TROJAN USING BO2K
• You can use a binder application to bind the BO2K client code with another program.
• EliteWrap, Saran Wrap and Silk Rope are the ones mostly used to wrap BO2K.

Editor's notes

  1. It is a seemingly useful program containing malware (rogue software).
  2. Visiting a website can infect the system: a click to install NPAV installs spyware, a keylogger, a rootkit or remote control instead.
  3. Poison Ivy: botnet command and control center. Banker Fox: steals banking data, often through "free" software or MP3 files.
  4. Classical rootkits focus on Linux-based systems. Usually the attacker replaces the /bin/login file with another version. He can also save the passwords of other users. Sometimes a classical rootkit hides many things: network information (netstat, ifconfig), disk usage (du, df), file listings (ls), file searches (find), process status (ps), and the PROMISC flag in ifconfig (sniffing program).
     Kernel rootkits: the most powerful rootkit. It replaces the kernel of the OS. It can show network information, file status, disk usage, port numbers, process status and other things. It can also turn off monitoring and antivirus. It is very hard to detect.
     Reverse control: if there is a private network and the victim's system is running on a specific IP address, it becomes difficult for the attacker to communicate with the victim's system. In this situation the backdoor comes into the picture. The attacker establishes a server with a specific IP address and the backdoor can communicate with it from inside the firewall. E.g. making use of the HTTP protocol, the backdoor can request commands from the attacker and the attacker can send them in HTTP format.
     Backdoor timing: the attacker can make use of the services which are used for updating the system: in Linux the cron command and in Windows the scheduler. He can time the backdoor to run when the system administrator is not in the office.
  5. Rootkit: takes control of a system. Built-in backdoor. Often deployed as a Trojan (good s/w + bad s/w = Trojan). Very stealthy (silent): obscures (hides) registry, folders, processes. Runs under system privileges. Mod access Trojan: very dangerous.
  6. Self-replicating malware, attached to files, often to other computers. Lives forever (unless a date term exists). Spreads mostly through human intervention.
  7. Worms: self-replicating malware, memory-resident. It spreads through self-replication. Possibly resource-intensive. Replicates over the network (shares). Often botnets (to create an army of bots). Distributes itself to everyone. E.g. Conficker: denies administrative access, restricts access to security sites. Payload = the actual code which runs on the system after exploitation.