Backdoors,Worms,Rootkits

Backdoors

Backdoor Information:

Backdoors are by far the most effective way to regain entry to a system that intruders have already compromised. They allow intruders to easily connect to a computer by evading such security measures as account password protection, firewalls and sometimes even intrusion detection systems, which act like a security system for a house (they alert you when unauthorized activity/entrances/etc. are occurring so that you can take the appropriate actions).

So, what is a backdoor anyways? Well, consider it like a backdoor on your house: it gives intruders a less-detectable avenue of breaking into your house versus just entering right through the front door. In short, backdoors allow intruders to effortlessly gain access to your computer.

Well, if that's the case, then how do backdoors get set up on your computer? Good question. Backdoors get set up on your computer by attaching themselves to things called "ports". Simply put, ports are the numbered endpoints through which programs on your computer send and receive traffic over the Internet. Believe it or not, your computer actually has over 65,000 ports it can use for communications on the Internet! So, all an intruder has to do is set up a backdoor (called a "server") on your computer and have it "listen" for incoming connections on the desired port. When the intruder wants back into your computer, all they have to do is use something called a "client" to tell the "server" backdoor that they are coming in. The "server" then welcomes them back into your computer, evading any security features you may have.
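To see the "server listening on a port" idea from the defender's side, here is an added example (not from the original page) that audits which programs are listening on a Windows machine. It parses constructed `netstat -ano` style output and a constructed PID-to-program map, and flags any listener that is not in an assumed baseline of expected ports; the sample data, the baseline and the function names are all assumptions.

```python
import re

# Constructed sample of "netstat -ano" output (Windows); not captured from a real host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2716
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49672     203.0.113.5:443        ESTABLISHED     1840
  UDP    0.0.0.0:123            *:*                                    1088
"""

# Constructed "tasklist" style map of PID -> image name (assumption).
TASKLIST_SAMPLE = {4: "System", 912: "svchost.exe", 1088: "svchost.exe",
                   1840: "firefox.exe", 2716: "update.exe"}

# Ports this machine is expected to listen on (assumed baseline for a workstation).
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 123)}

# proto, local ip, local port, foreign address, optional state, pid
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")


def parse_netstat(text):
    """Return (proto, local_ip, port, state, pid) tuples; header/blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, ip, port, _foreign, state, pid = m.groups()
        rows.append((proto, ip, int(port), state or "", int(pid)))
    return rows


def unexpected_listeners(netstat_text, tasklist, expected):
    """Return listening sockets (UDP sockets count as listeners) not in the baseline."""
    findings = []
    for proto, _ip, port, state, pid in parse_netstat(netstat_text):
        is_listener = state == "LISTENING" or proto == "UDP"
        if not is_listener or (proto, port) in expected:
            continue
        findings.append({"proto": proto, "port": port, "pid": pid,
                         "image": tasklist.get(pid, "<unknown>")})
    return findings


if __name__ == "__main__":
    for f in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, EXPECTED_LISTENERS):
        print(f"{f['proto']} port {f['port']} is open by PID {f['pid']} ({f['image']}): check it")
```

On a real machine you would feed it the actual output of `netstat -ano` and `tasklist`, and review every listener the baseline does not explain.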

Backdoors - Taking Action...

Backdoors can be hard to spot on your computer unless you know what to look for. But, since a lot of backdoors fall into the category of viruses, worms and trojans, anti-virus software is constantly identifying new backdoors that can be removed from your system.

To prevent and detect backdoors on your system, do the following:

  • Keep your computer up-to-date with the latest patches: While the backdoor itself just listens on a port, the program that plants it often gets in by taking advantage of security holes. Patches seal up these security holes, so it's in your best interest to keep up with the most recent patches available. Not sure if you have the most up-to-date patches? Have a look at Microsoft's website and click on the Microsoft Update link on the left-hand menu. You also have the option of having critical patches automatically update your machine when available. To set this option, do the following:

    • Click Start, then My Computer
    • Under the Other Places menu to the left, click Control Panel
    • If you are in Category View, click Security Center and click on the Automatic Updates section at the bottom of the new window that opened. In the new window that opened, make sure Automatic (recommended) is selected.

    If you are in Classic View, click System. When the new window opens, click the Automatic Updates tab and make sure Automatic (recommended) is selected.

  • Have anti-virus software installed with up-to-date virus definitions: Having anti-virus software with the most up-to-date virus definitions is one of your best defenses against backdoors. Not only that, but it's a fact that anti-virus software is pretty much useless if you don't keep its virus definitions up-to-date. Have a look at the Checklist section for more information about anti-virus software.
  • Use extreme caution when opening attachments in emails and downloading programs off of the Internet: This is probably the most common avenue that trojans and backdoors take advantage of. Always use anti-virus tools to scan email attachments for trojans. Even if the email looks like it came from someone you know, it never hurts to scan it.

Worms

Worms. Chances are if you have ever read any type of newspaper, you have read about worms. From Love Bug and Code Red to Bugbear, these babies have been known to cause unimaginable amounts of damage world-wide. We have no doubt in our minds that the Internet is going to be playing a crucial role in wars from now on; if worms are programmed properly, they can be one of the fastest methods of causing damage on a global scale.

Computer Worm Information:

The question is how can worms spread so fast, and how are they different from viruses? In the many conversations we have had with both business and personal users, the terms virus and worm are used as if they mean the same thing. While they have many similarities, there is one distinguishing feature that separates viruses from worms:

Worms, unlike viruses, have self-propagating engines built into them. What this means is that while a virus needs a person to activate it (thus giving it the capability to spread), worms can spread without any human interaction.

This is how worms cause such a large amount of damage. They spread by themselves and unleash their payload at each and every computer they infect. This leads to another question: how do worms spread themselves?

Yet another excellent question! Worms can do this in a variety of ways. With the worms we have analyzed (as well as the popular ones you see in the news), worms primarily spread in the following ways:

  • Email address harvesting: When a worm infects your system, it will check a variety of file types on your computer for additional email addresses to send itself to. The main file types that worms look in for email addresses are files that end in .doc (Microsoft Word documents), .txt (Notepad files), .htm and .html (both are webpages).
  • Same-domain search engine queries: Once a worm infects your system, it will determine what domain your computer is on. Once it figures this out, the worm will actually use popular search engines such as Google, Yahoo, Altavista and Lycos to search for additional email addresses that match your domain name.

Want to figure out what domain your computer is on? Do the following:

  • Click Start, then Run...
  • In the new window that opens, type "cmd" (without the quotes) and click OK
  • When the black box opens, type "ipconfig" (without the quotes) and hit Enter
  • The value to the right of "Connection-specific DNS Suffix" is the domain your computer resides on
  • Once you have discovered the domain your computer is on, type "exit" (without the quotes) and hit Enter to close the window

Think that worms are smart? Well unfortunately, they are even smarter than you think. Now, you would think that once a worm finds additional email addresses to send itself to, it would just send the exact same email to every address... we wish that were true. Worms are developed with what you could consider an email generator. Every email the worm sends can have a randomized combination of Sender, Subject, Email Attachment (not only the attachment's name, but its extension as well), and Body. Since everything except your email address can be randomized, it makes it very difficult to spot a worm. Kinda gives you a new perspective on opening junk mail, doesn't it!

Worms - Taking Action...

Nobody ever wants to deal with worms, that is obvious (unless you are a malicious software analyst or just crazy). Fortunately, the good guys often know what to look for in worms and can quickly produce a remedy for the general public. A large number of worms have had a lifespan of less than an hour because of the rapid release of security patches from companies worldwide! How's that for a breath of fresh air!

Want to jump into the fight of preventing worms from spreading? Make sure you do the following:

  • Keep your computer up-to-date with the latest patches: We can't overstate how important this is. These patches seal up security holes that worms take advantage of, so it's in your best interest to keep up with the most recent patches available. Not sure if you have the most up-to-date patches? Have a look at Microsoft's website and click on the Microsoft Update link on the left-hand menu. You also have the option of having critical patches automatically update your machine when available. To set this option, do the following:

    • Click Start, then My Computer
    • Under the Other Places menu to the left, click Control Panel
    • If you are in Category View, click Security Center and click on the Automatic Updates section at the bottom of the new window that opened. In the new window that opened, make sure Automatic (recommended) is selected.

    If you are in Classic View, click System. When the new window opens, click the Automatic Updates tab and make sure Automatic (recommended) is selected.

  • Have anti-virus software installed with up-to-date virus definitions: Having anti-virus software with the most up-to-date virus definitions is one of your best defenses against worms. Not only that, but it's a fact that anti-virus software is pretty much useless if you don't keep its virus definitions up-to-date. Have a look at the Checklist section for more information about anti-virus software.
  • Use extreme caution when opening emails from unknown users: This is how worms like to spread. Always use anti-virus tools to scan emails for worms. Even if the email looks like it came from someone you know, it never hurts to scan it for worms. You just never know if a worm got onto a computer of someone you know and sent its own email to try and infect your system.

Rootkits

The majority of people we have talked to regarding their computer and network security have never heard of a rootkit. We think it is important for everyone to at least understand that they exist. Now, there are different categories of rootkits, but we are only going to describe their general purpose, since getting in-depth into rootkits is beyond the scope of this website. And for those of you wondering, no, we're not talking about anything you can use for gardening!

Rootkit Information:

Consider rootkits an evolved version of a trojan. They can disguise themselves to the point where even anti-virus software cannot detect them. If you get a rootkit on your system, you cannot trust anything on your system because everything can be a trap! What do we mean by a trap? Well, simply put, anything you open on your computer can give you false results.

Consider this: You know that screen that pops up on your computer when you hit the Ctrl, Alt and Delete buttons at the same time? Well, if you don't know, that screen shows you all of the processes and programs that are currently running on your system. If you have a rootkit installed on your system, the running processes and programs being used by the rootkit will probably not show up on that screen. Windows is telling you, the user, that these processes are not running when in fact they really are! How are you supposed to detect and remove rootkits when Windows can't even recognize their existence on your system?
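The usual way rootkit detectors catch this is a cross-view check: compare the process list Windows shows with a second, independent enumeration and look for processes present in one view but not the other. Here is an added example (not from the original page) of that comparison on constructed data; the two process lists, the multi-pass structure and the function names are assumptions, and obtaining the lower-level enumeration itself is outside the example.

```python
# Cross-view check for hidden processes: compare the process list Windows shows
# (the Task Manager view) against an independent, lower-level enumeration.
# Added example; every process list below is a constructed sample, not a real capture.

# Each pass is one snapshot of the "visible" view: PID -> image name.
VISIBLE_PASSES = [
    {4: "System", 520: "csrss.exe", 912: "svchost.exe",
     1840: "explorer.exe", 2300: "notepad.exe"},
    {4: "System", 520: "csrss.exe", 912: "svchost.exe", 1840: "explorer.exe"},
]

# Each pass is one snapshot of the "raw" view: the set of PIDs found by the
# lower-level enumeration, assumed to be taken right after the matching visible pass.
RAW_PASSES = [
    {4, 520, 912, 1840, 2300, 2716, 3000},   # 3000 is short-lived; 2716 is never visible
    {4, 520, 912, 1840, 2716},               # notepad (2300) has exited by now
]


def hidden_pids(visible_passes, raw_passes):
    """Return PIDs that appear in every raw pass but in no visible pass.

    Demanding consistency across several passes filters out processes that simply
    started or exited between the two views being taken, which would otherwise
    look like a discrepancy.
    """
    if not visible_passes or not raw_passes:
        raise ValueError("need at least one pass of each view")
    always_raw = set.intersection(*(set(p) for p in raw_passes))
    ever_visible = set().union(*(set(p) for p in visible_passes))
    return sorted(always_raw - ever_visible)


def transient_pids(raw_passes):
    """PIDs seen in some raw passes but not all: likely short-lived, not hidden."""
    seen_any = set().union(*(set(p) for p in raw_passes))
    seen_all = set.intersection(*(set(p) for p in raw_passes))
    return sorted(seen_any - seen_all)


if __name__ == "__main__":
    for pid in hidden_pids(VISIBLE_PASSES, RAW_PASSES):
        print(f"PID {pid} is running but is not shown to the user: investigate this machine")
```

A PID that is consistently hidden this way is exactly the symptom the paragraph above describes, and is a reason to treat the machine as untrusted.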

Just like trojans, rootkits can carry a plethora of different tools. Spyware, viruses, worms, backdoors; they can all be part of a rootkit.

Having said that, there is something we feel needs to be said. In November 2005, Mark Russinovich discovered that Sony had included a stealth rootkit on some of their music CDs from 2005. It is imperative to install the rootkit patch that Sony has provided if you have run one of these CDs on a computer. Check out the links below for more information:

Article about the Sony Rootkit: http://www.wired.com/news/privacy/0,1848,69601,00.html

List of CDs affected by the Sony Rootkit: http://www.sonybmgcdtechsettlement.com/CDList.htm

Patch to remove the rootkit from your computer: http://www.sonybmgcdtechsettlement.com

The Sony rootkit was intended to prevent piracy of music CDs, but it took a deadly turn. Once the bad guys learned about Sony's rootkit, they quickly developed tools and programs that would take advantage of any computer that had the rootkit installed. So, if you have run one of these CDs on your personal or business computer, make sure to install that patch right away!

Rootkits - Taking Action...

So, the sixty-four million dollar question is: how do you protect yourself from these rootkits? Unfortunately, there is not much you can do to protect yourself because of the way rootkits are developed. Once you get infected with a rootkit, you usually need to reformat your system. That is the only real way you can know that the rootkit is off your system.

Even though rootkits are extremely difficult to get off of your computer, there are some things you can do to prevent them from getting on your computer in the first place:

  • Keep your computer up-to-date with the latest patches: Rootkits like to take advantage of security holes. Patches seal up these security holes, so it's in your best interest to keep up with the most recent patches available. Not sure if you have the most up-to-date patches? Have a look at Microsoft's website and click on the Microsoft Update link on the left-hand menu. You also have the option of having critical patches automatically update your machine when available. To set this option, do the following:

    • Click Start, then My Computer
    • Under the Other Places menu to the left, click Control Panel
    • If you are in Category View, click Security Center and click on the Automatic Updates section at the bottom of the new window that opened. In the new window that opened, make sure Automatic (recommended) is selected.

    If you are in Classic View, click System. When the new window opens, click the Automatic Updates tab and make sure Automatic (recommended) is selected.

  • Have anti-virus software installed with up-to-date virus definitions: While anti-virus scans usually don't delve into the depths where rootkits lurk, having anti-virus software with the most up-to-date virus definitions is always a good thing. Have a look at the Checklist section for more information about anti-virus software.