Backdoors and Rootkits


Backdoors.  A backdoor is any piece of software or internal configuration designed to allow for remote access to a system.

Backdoors were, at least initially, developed intentionally to create ways for those with authorized access to get into applications and operating systems even when things have gone wrong. 

  • Have you ever gotten locked out of something running on a computer and wished you could get in even though things have gone wrong?
  • Have you ever gotten locked out of something running on a computer and wished someone else could get in even though things have gone wrong?

Some other ways in which these sorts of scenarios could develop are listed below.

  • maybe an admin or developer forgets the high level password or it gets inadvertently changed

Some problems with these sorts of approaches to handling difficulties are listed below.

  • if such a backdoor, likely with password access, is coded in, it cannot be removed without changing the code
  • if such a backdoor is discovered by someone with malicious intent, then all kinds of other difficulties can arise
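The two problems above can be seen side by side in a small login routine. The Python below is an added illustration, not code from the original notes: the account names, passwords, the hypothetical MASTER_PASSWORD value and the in-memory token store are all constructed for the example. The first login function carries a coded-in recovery password, so it opens every account to anyone who learns that value and can only be revoked by editing and redeploying the code; the second has no override at all and handles lockouts with a per-account, single-use reset token instead.

```python
import hashlib
import hmac
import os
import secrets

# Constructed credential store: username -> (salt, PBKDF2 hash).
# A real system would keep this in a database; here it is built at import time.

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256 (standard library only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(users: dict) -> dict:
    """Build a salted-hash store from plaintext passwords (setup only)."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = (salt, hash_password(pw, salt))
    return store

USERS = make_store({"alice": "correct horse battery staple"})  # constructed account

# --- the problem the notes describe: a recovery password coded into the program ---
MASTER_PASSWORD = "letmein-placeholder"  # hypothetical hardcoded backdoor value

def login_with_backdoor(user: str, password: str) -> bool:
    """Vulnerable form: any account (even a nonexistent one) opens to whoever
    learns MASTER_PASSWORD, and the only way to revoke it is a code change."""
    if password == MASTER_PASSWORD:
        return True
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(hash_password(password, salt), expected)

# --- form without a backdoor: lockouts are handled by a single-use reset token ---
RESET_TOKENS: dict = {}  # user -> token; constructed in-memory store

def issue_reset_token(user: str) -> str:
    """Out-of-band recovery: a random, single-use token tied to one account."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[user] = token
    return token

def reset_password(user: str, token: str, new_password: str) -> bool:
    """Consume the token (once) and replace that one account's hash."""
    expected = RESET_TOKENS.get(user)
    if expected is None or not hmac.compare_digest(token, expected):
        return False
    del RESET_TOKENS[user]  # single use
    salt = os.urandom(16)
    USERS[user] = (salt, hash_password(new_password, salt))
    return True

def login(user: str, password: str) -> bool:
    """Hardened form: only the account's own salted hash is consulted."""
    rec = USERS.get(user)
    if rec is None:
        # Do a comparable amount of work so timing does not reveal valid usernames.
        hash_password(password, b"\x00" * 16)
        return False
    salt, expected = rec
    return hmac.compare_digest(hash_password(password, salt), expected)
```

The reset token does the job the hardcoded password was meant to do (getting a locked-out user back in) but is bound to one account, expires on use, and can be revoked by deleting a record rather than shipping new code.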

What are the ethics of the following sorts of situations?

  • a government requires all of its developers to build in backdoors that can be used by the government for special operations
    • what if the governmental user is unethical?
    • what if other corporations learn of these backdoors and use them for industrial spying?
    • what if other governments learn of such backdoors and require their nations to not purchase the software?

The term backdoor is also used to refer to software that an attacker installs on a system that they have gained unauthorized access to.  Installing such software can give the attacker much easier access to the system in the future.

Backdoors might get installed inadvertently by authorized users.  For example, software containing a Trojan Horse might get installed when a web user downloads from particular websites.  There are software programs such as the following that will allow an attacker unauthorized access to a system.

  • NetBus
  • Back Orifice
  • SubSeven - appeared with software called Whack-a-Mole
  • T0rnkit
  • there were some backdoors written into older versions of SSH1 - secure shell
  • Award BIOS used to have backdoor password CONDO which could circumvent machine security if entered at the password screen

There are also legitimate backdoors or ways to access computer systems remotely such as

  • Remote Desktop (microsoft.com)
  • PC Anywhere (symantec.com)
  • VNC - Virtual Network Computing (realvnc.com)

Rootkits.  In general, rootkits are special types of backdoors.  A rootkit is installed to keep continued root access to a system.  Rootkits usually operate at a much lower system level, at or near the kernel of the operating system.

The terminology for these sorts of malware comes from the UNIX environment where they originated.

One of the most famous rootkits appeared in 2005 when Sony-BMG Music Entertainment used a rootkit to implement copy protection for some of its music CDs.  Some attackers were able to take advantage of the presence of this rootkit to install their own software on others' computers.

Another fairly well known rootkit is t0rnkit, which can be used to infect and take over Linux machines.
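Because a rootkit sits near the kernel, what user-space tools report can no longer be taken at face value, so one defender's check is to compare two independent views of the same thing. The Python below is an added example, not from the original notes: it lists processes once directly from /proc and once through the ps command, and reports PIDs that the kernel exposes but ps does not. Two /proc snapshots are taken around the ps run so that a process which simply exited in between is not mistaken for a hidden one; the sets in the usage note are constructed.

```python
import os
import subprocess

def proc_pids() -> set:
    """PIDs as the kernel exposes them through /proc (numeric directory names)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def parse_ps_pids(ps_output: str) -> set:
    """Parse the output of `ps -eo pid=` (one PID per line) into a set of ints."""
    pids = set()
    for line in ps_output.splitlines():
        line = line.strip()
        if line.isdigit():
            pids.add(int(line))
    return pids

def ps_pids() -> set:
    """Process list as reported by the ps binary (the user-space view)."""
    out = subprocess.run(["ps", "-eo", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return parse_ps_pids(out)

def hidden_pids(proc_before: set, ps_seen: set, proc_after: set) -> set:
    """PIDs present in /proc both before and after the ps run but absent from ps.
    Requiring presence in both /proc snapshots drops processes that merely
    exited during the check, leaving only PIDs that ps failed to report."""
    stable = proc_before & proc_after
    return stable - ps_seen

def check_live() -> set:
    """Run the comparison against the running system (Linux, /proc mounted)."""
    before = proc_pids()
    seen = ps_pids()
    after = proc_pids()
    return hidden_pids(before, seen, after)

if __name__ == "__main__":
    hidden = check_live()
    if hidden:
        print("PIDs in /proc but not reported by ps:", sorted(hidden))
    else:
        print("ps and /proc agree on the process list")
```

An empty result is not a clean bill of health: a rootkit that filters /proc itself hides from both views, so this catches a trojaned ps or an inconsistent hook, and a second comparison against an independent source (for example /proc/<pid>/status read from a rescue boot, or the socket tables versus netstat) is the same idea applied elsewhere.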

More will be added.