Levi, Ray & Shoup, Inc.

Security education: Backdoor Trojan

4/15/2021 by LRS IT Solutions

In our last security education blog post, we discussed what a Trojan is in general. We defined a Trojan horse, or Trojan, as a type of malware that is often disguised as legitimate software and misleads users about its true intent.

In this post we are going to define what a Backdoor Trojan is. This Trojan creates a "backdoor" on your computer or device through applications that allow for remote access. Backdoors are often used for targeted attacks; hackers leverage backdoor programs to access the victims' network.

To really understand the concept, imagine you are working from home and you see a vehicle stop up the street every day. One day the person exits the car, and you see them look at your neighbor's front door. You know that your neighbor has a camera doorbell, and you see the person quickly move out of the camera's field of view and go around to the backdoor. You do not give much thought to this and watch the person go to the backdoor, try the door and find it is unlocked. You decide that this person must be someone the neighbors know and go about your business. The person shows up at your neighbor's house every day and enters through the backdoor. Any suspicion you might have had has completely gone away; this has become normal traffic.

To the untrained eye, nothing looks like a sign of burglary. The person has made a consistent appearance at the neighbor's house and has never ransacked the place. The person's presence has become normal, entering the same backdoor, day in and day out. Everything is normal, or seems to be. Trojan backdoors work in much the same way.

For the cybercriminal, one benefit of this attack is that, once it’s in your computer, it can allow more malware to be uploaded without your knowledge. Data from your computer or mobile device can be downloaded by a third party and stolen. Another aspect of this attack vector is that the backdoor itself can help cybercriminals break into the infrastructure without being discovered.

Backdoors not only provide a disguised point of entry for cyber-criminals, but can also offer several strategies for intrusion, including port binding, connect-back, connect availability use, and legitimate platform abuse. Other approaches that we have seen are common services protocol, file header abuse, protocol or port listening, custom DNS lookup use, and port reuse.
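An added example, not part of the original post: a baseline check a defender could run over a host's socket list to surface two of the techniques named above, port binding (an unexpected listener) and connect-back (an unexpected outbound connection). The baseline values, the process names and the sample lines, written in the style of `ss -H -tnap` output, are constructed assumptions.

```python
import ipaddress
import re

# Assumed baseline for one host: listening port -> process expected to own it.
EXPECTED_LISTENERS = {22: "sshd", 443: "nginx"}
# Assumed processes allowed to open connections to external peers.
EXPECTED_OUTBOUND = {"nginx", "chronyd"}
# Assumed internal address space; peers outside it count as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample in the style of `ss -H -tnap` output (not real data).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=990,fd=6))
LISTEN 0 5 0.0.0.0:50505 0.0.0.0:* users:(("updater",pid=4021,fd=4))
ESTAB 0 0 10.0.0.5:22 10.0.0.9:50122 users:(("sshd",pid=1500,fd=4))
ESTAB 0 0 10.0.0.5:51514 203.0.113.7:443 users:(("updater",pid=4021,fd=5))
"""

# state, recv-q, send-q, local addr:port, peer addr:port, first owning process
LINE = re.compile(r'^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\S+)\s+users:\(\("([^"]+)"')


def is_external(addr):
    """True when the peer is neither loopback nor inside INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr.strip("[]"))  # ss brackets IPv6 addresses
    return not ip.is_loopback and not any(ip in net for net in INTERNAL_NETS)


def review_sockets(text):
    """Return (finding, process, detail) tuples for sockets that break the baseline."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines without the expected fields or owner info
        state, _laddr, lport, paddr, pport, proc = m.groups()
        if state == "LISTEN":
            owner = EXPECTED_LISTENERS.get(int(lport))
            if owner is None:  # port binding: a listener nobody approved
                findings.append(("unexpected-listener", proc, f"port {lport}"))
            elif owner != proc:  # approved port held by a different program
                findings.append(("listener-owner-mismatch", proc, f"port {lport}"))
        elif state == "ESTAB" and is_external(paddr) and proc not in EXPECTED_OUTBOUND:
            # connect-back: the host itself dials out to an external peer
            findings.append(("unexpected-outbound", proc, f"{paddr}:{pport}"))
    return findings


if __name__ == "__main__":
    for finding in review_sockets(SAMPLE):
        print(*finding)
```

The outbound finding uses port 443 on purpose: a connect-back channel on a common port looks like ordinary web traffic, so the check keys on which process opened the connection rather than on the port number.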

Software is not the only system that can have a backdoor. Hardware, including authentication tokens, network appliances, surveillance systems, and certain communication infrastructure devices, can also have malicious backdoors for cyber-thieves and cybercriminals.

There are many ways we can protect ourselves and others from these types of breaches, but it must always start with everyone around us being alert to our surroundings. Deploying safety mechanisms and protecting our perimeters is a start. Vulnerabilities can happen; being proactive is the only forward step in getting ahead of cyber-crimes.

The Security team at LRS IT Solutions can help you understand security issues such as backdoor Trojans and develop an effective plan for dealing with them. Just fill out the form below for a free consultation.