Trojans, Viruses, and Backdoor Applications

To begin, you need to understand some basic terminology. According to the Webopedia online computer dictionary (http://www.webopedia.com), a Trojan is a destructive program that masquerades as a benign application. Unlike viruses, Trojans do not replicate themselves, but they can be just as destructive.

Just as the Trojan horse was a disguise to hide Greek soldiers during the Trojan War, Trojan applications likewise run hidden on computers, often appearing as useful utilities. Trojans come in many different flavors. These include remote administration tools (RATs), which provide malicious hackers with a remote shell onto a compromised host; denial-of-service Trojans, which launch denial-of-service attacks from a compromised host; and others. Although the purposes of each Trojan might be unique, the underlying means of operation is the same: to hide on a host and perform undesirable activities under the noses of unsuspecting users.

Although the benefits of a Trojan horse application are obvious for malicious hackers, you might be wondering why they are important for penetration testers. A penetration tester is hired to emulate a malicious hacker; therefore, he needs to be aware of the tools and techniques to infiltrate a target system. One of the ways of gaining and maintaining access on a target system is through the use of Trojan backdoor applications. This chapter introduces several of these backdoor tools.

Viruses are another type of malware (malicious software) that is often confused with Trojans. Viruses attach themselves to other applications and spread to other computers. Left unchecked, viruses can take down entire organizations or, worse yet, bring the Internet to a halt. Some of the more well-known viruses include W32/Netsky and W32/MyDoom.

Worms, like viruses, spread from one computer to another, but unlike viruses, they do not need to attach themselves to another application because they contain their own propagation engine. An example of a deadly worm is the SQL Slammer worm.

Because of the deadly nature of viruses and worms, penetration testers should not be asked to attempt to install viruses and worms onto the target network. However, penetration testers are expected to be aware of malicious hacking techniques, including viruses and worms, and how to detect and prevent them.


    Penetration Testing and Network Defense
    ISBN: 1587052083
    EAN: 2147483647
    Year: 2005
    Pages: 209