
Semester 2, Academic Session 2011/2012 CST 233 Assignment 1 Fail-Secure Lock System

Prepared by: Muhammad Noorshazmil Bin Mohd Zahri

Matric No.: 107608

Lecturer: Dr. Aman Jantan

Date of Submission: 19th April 2012

Fail-Secure Lock System

Muhammad Noorshazmil Bin Mohd Zahri, 107608

UNIVERSITI SAINS MALAYSIA Computer Science

mnoorshazmil.ucom10@student.usm.my

Abstract — This paper investigates how backdoors infect computer systems, why they are so dangerous to some organizations, and how vulnerable computer system security is to backdoors. Backdoors are often installed by attackers who have compromised a system to ease their subsequent return to the system. We consider the problem of identifying a large class of backdoors, namely those providing interactive access on nonstandard ports, by passively monitoring a site's Internet access link.

1.0 INTRODUCTION

A backdoor is a means of access to a computer program that bypasses security mechanisms. A backdoor virus is likely to attach itself to important system files, allowing it to hide from antivirus software. It is also known as a backdoor Trojan, a program that allows hackers access to others' computers. The user's computer is at high risk from this threat, because the backdoor allows valuable data and passwords to be easily recorded and viewed by the hacker. Because it is subtle and deeply embedded in the target's system, the backdoor Trojan is difficult to detect and even more difficult to remove. The size of the virus varies with the amount of time it takes to be detected and deleted. If the virus cannot be removed within a few days, it could multiply itself.

A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use backdoors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.

Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article "Who gets your trust?" security consultant Carole Fennelly uses an analogy to illustrate the situation: "Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it."

One of the most insidious computer viruses today is the backdoor Trojan. The name backdoor Trojan comes from a melding of metaphors. The term Trojan comes from a reference to the legendary Trojan horse that destroyed the city of Troy during a war with Greece. Like the Trojan horse the backdoor Trojan at first looks like a gift, only later does the user find that the enemy was hidden inside. The Trojan horse backdoor virus is comprised of two parts. The first part is the "server". This is the part of the virus that infects the system, and opens the backdoor into the computer. The second part is the "client". The client is the part installed on the intruder's computer that allows the intruder to find and access the server, thereby gaining access to the victim's computer.

The possible effects that a backdoor Trojan can cause are highlighted below:

Alter System Settings

Delete Files

Wreak Havoc

Steal Credit Card Number and Passwords

Send Spam

View Videos, Pictures, Phone Number and Related Information

2.0 TYPES OF BACKDOOR

A typical backdoor consists of 2 components – client and server. An attacker will use the client application to communicate with the server components, which are installed on the victim’s system. Depending on how sophisticated a client is, it can include such features as:

Sending and receiving files

Browsing through the hard drives and network drives

Getting system information

Taking screenshots

Changing the date/time and settings

Playing tricks like opening and closing the CD-ROM tray

and so on.

A backdoor's server components can be installed on an unsuspecting user's system in numerous ways - as part of a worm or trojan payload, as an email attachment, as a tantalizingly-named file on peer-to-peer networks, etc. Once installed, the server component will open a network port and communicate with the client, to indicate that the computer is infected and vulnerable. An attacker can then use the backdoor's client to issue commands to the infected system.
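A host-side check for the behaviour described above, where the server component opens a listening port. This is an added example, not part of the original assignment: it parses a listing in the layout of Linux `ss -H -tlnp` output and flags listeners that do not match a known-good baseline. The baseline, the sample lines and the process names are constructed assumptions.

```python
import re

# Hypothetical known-good baseline for this host: port -> expected owning process.
BASELINE = {22: "sshd", 443: "nginx", 5432: "postgres"}

# Constructed sample in the layout of `ss -H -tlnp` output (not from the page).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("sh",pid=2301,fd=0))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 5 0.0.0.0:50505 0.0.0.0:* users:(("updater",pid=4410,fd=4))
LISTEN 0 5 *:6200 *:*
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so "[::]:22" parses correctly.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # The process column is missing when the listing lacks privileges.
        m = PROC_RE.search(" ".join(fields[5:]))
        proc, pid = (m.group(1), int(m.group(2))) if m else (None, None)
        yield addr, int(port), proc, pid


def audit(text, baseline=BASELINE):
    """Return findings as (port, address, process, reason), sorted by port."""
    findings = set()
    for addr, port, proc, _pid in parse_listeners(text):
        if port not in baseline:
            reason = "port not in baseline"
        elif proc is None:
            reason = "owning process not visible"
        elif proc != baseline[port]:
            reason = f"expected {baseline[port]}"
        else:
            continue
        findings.add((port, addr, proc, reason))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for port, addr, proc, reason in audit(SAMPLE):
        print(f"{addr}:{port} owned by {proc or 'unknown'}: {reason}")
```

On a live host the listing should be collected with enough privilege for the process column to be populated; otherwise every listener on a baselined port is reported as having no visible owner.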

There are two types of backdoor Trojans. The first one is a useful program that has been altered by a cracker. That way, the black hat hacker can disguise his attack. Once the program is executed, the altered code is activated. What this new code may do is unknown; it can only be known once it is running.

The second type of backdoor Trojan is a program that masks itself as another program. For example, a cracker may replace a free game on a website and attach his "hidden Trojan" to it. Since this goes unnoticed by a regular computer user, he will download the program without even suspecting its potential danger.

Example types of backdoor:

1. SSH

2. Rlogin

3. Telnet

4. FTP

5. Root prompt

6. Napster

7. Gnutella

3.0 REAL CASE IN COMPUTER SYSTEM

3.1 Backdoor installed in Mac OS X

OSX/Tsunami-A, a new backdoor Trojan horse for Mac OS X, has been discovered.

What makes Tsunami particularly interesting is that it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that once it has embedded itself on a computer system listens to an IRC channel for further instructions.

Typically code like this is used to rally compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic.

It's not just a DDoS tool though. As you can see by the portion of OSX/Tsunami's source code that I have reproduced below, the bash script can be given a variety of different instructions and can be used to remotely access an affected computer.

It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website.

But remember this - not only is participating in a DDoS attack illegal, it also means that you have effectively put control of your Mac into someone else's hands. If that doesn't instantly raise the hairs on the back of your neck, it certainly should.

Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is non-existent.

3.2 Backdoor In Games

Tracking the increasingly common use of PC games as an infection vector, researchers at the Microsoft Malware Protection Center (MMPC) discovered a couple of malicious programs making the rounds on torrent and file sharing sites. Social engineers are disguising their malware by labeling it as the beta-versions of unreleased games or upgrades to popular ones. With the following files, "dota 2 Betakeys.txt.exe" and "diablo3-crack.exe", attackers prey on gamers anxious to test out Defense of the Ancients 2 (a custom scenario map for Warcraft III) and Diablo III, respectively, which aren't slated for release until later in 2012.

In the first case, users attempting to snag a beta version of Defense of the Ancients 2 are actually just downloading the Pontoeb malware (detected as Backdoor:MSIL/Pontoeb.J). Once executed, Pontoeb begins gathering critical system information with the ultimate goal of morphing the computer into part of a zombie network. It eventually installs a backdoor through which attackers can communicate to execute various commands.

In the second case, the Fynloski remote access tool (detected as Backdoor:Win32/Fynloski.A) is installed. Fynloski is a backdoor trojan that gains access to nearly all the information and resources within a given computer, logging keystrokes, downloading and running arbitrary files, and disabling security settings. The MMPC wrote an interesting follow-up piece detailing Fynloski's obfuscation techniques.

The MMPC recommends visiting the official Defense of the Ancients and Diablo websites if you want to securely try out the actual beta versions.

4.0 HOW TO PREVENT BACKDOOR

If you want to delete backdoor Trojans forever, then you need to take the first step in order to eliminate this troublesome malware: caution, although many computer users do not take this into consideration. The truth is that without some basic security procedures, your computer will be infested with Trojans; backdoor entrances, after all, are commonplace. However, in order to fight them, it is our duty to know about them. So let's find out first what a Trojan is.

The good news is that many backdoor programs are recognized by antivirus software. Keep your antivirus updated and run it often. Install a firewall and keep that updated regularly as well. Occasionally run online virus scans. They could pick up things that your installed antivirus software may have missed.

Software manufacturers like Microsoft are aware of backdoor programs and the damage they do. Periodically they will release "patches" that you can install on your system to help protect your computer from backdoors as well as other types of malicious attacks. Download these patches when they come out to help keep your computer running safely.

5.0 PEOPLE THAT ALWAYS USE BACKDOOR

Virus Techniques

A backdoor can be introduced either by the software developer or by a third party. A person who knows of the backdoor can use it to monitor the activities of the software, or to gain control of it (by bypassing authentication). Finally, depending on the rights that the operating system grants to the software containing the backdoor, control may extend to all operations of the computer.

The widespread networking of computers makes backdoors much more useful than when physical access to the computer was the rule.

Among the reasons leading software developers to create backdoors, there are:

The practical benefit of easy, always-open access to the software in order to carry out maintenance efficiently;

The ability to disable the software surreptitiously in case of disagreement with the client (non-payment of license).

Among the reasons leading hackers to install a backdoor:

The ability to monitor what the legitimate user does and to copy or destroy valuable data (passwords, private keys for decrypting messages, private banking information, trade secrets);

The ability to take control of a computer and use it to carry out evil actions (sending spam, including phishing, viruses, denial of service);

Control of a vast network of computers (see botnet) that can be used for blackmail through distributed denial of service (DDoS), or resold to criminals.

To install backdoors en masse, hackers use worms. These spread automatically and install a server on each infected computer. The attacker can then connect to that server over the Internet.

A backdoor can be inserted by way of an Easter egg or a compiler, or may take the form of a program like Back Orifice.

6.0 CONCLUSION

Nowadays, the backdoor has become the most dangerous threat to our computer systems. It is not limited to Windows; it has spread to Mac OS X and to Linux as well. As technology advances rapidly, more viruses mutate. The backdoor is one of the viruses that multiplies itself rapidly across computer systems through channels such as email and software installed on the system. We need to make sure every computer is protected so that our information and details are not stolen. Once a backdoor has got into our system, it can control all activity on the computer, whether or not we have installed antivirus or other protection software. To make sure that a backdoor is not installed on the system, we need to keep up to date with our system's activity and ensure that the antivirus on the system is functioning well.

Furthermore, we need to monitor our network activity: is there suspicious activity that sends data to an unknown website or server, or activity that uses a lot of processing power on the system? We are also highly recommended to install antivirus, antispyware or other protection software, so that our system is fully protected from backdoors.

In addition, one important point is that a backdoor is a process that tries to steal our information whether or not there is a firewall. A backdoor will keep trying again and again. So we must take action immediately if we detect that a backdoor has entered the system. If we are not concerned about it, our whole system can be corrupted and all information on the neighbouring network can be stolen too.
