Concealment: Trojan horses, rootkits, and backdoors

Trojan horses. For a malicious program to accomplish its goals, it must be able to do so without being shut down, or deleted by the user or administrator of the computer on which it is running. Concealment can also help get the malware installed in the first place. When a malicious program is disguised as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse or trojan.

In broad terms, a Trojan horse is any program that invites the user to run it, concealing a harmful or malicious payload. The payload may take effect immediately and can lead to many undesirable effects, such as deleting the user's files or further installing malicious or undesirable software. Trojan horses known as droppers are used to start off a worm outbreak, by injecting the worm into users' local networks.

One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads from the Internet. When the user installs the software, the spyware is installed alongside. Spyware authors who attempt to act in a legal fashion may include an end-user license agreement that states the behaviour of the spyware in loose terms, which the users are unlikely to read or understand.

Rootkits. Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection and disinfection. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment, by modifying the host operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program.

Some malicious programs contain routines to defend against removal, not merely to hide themselves, but to repel attempts to remove them. Modern malware uses the techniques wherein the malware starts a number of processes that monitor and restore one another as needed.

Backdoors. A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or in some other way), one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.

The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors crackers may use Trojan horses, worms, or other methods.

Exercise 36. Give Ukrainian equivalents to the following word combinations:

infectious malware and concealment; to infiltrate a computer system without the owner's informed consent; hostile, intrusive, or annoying software or program code; a catch-all phrase to include all types of malware; the intent of the creator; a legitimate purpose; to contain harmful bugs; trojan horses; executable software; to carry a payload; to be classified as viruses rather than worms; to accomplish the goals; to be disguised as something innocuous or desirable; to be tempted to install it; to start off a worm outbreak; by injecting the worm into users' local networks; to avoid detection and disinfection; to prevent a malicious process from being visible; gain administrator access; to defend against removal; bypassing normal authentication procedure; once a system has been compromised; to secure remote access to a computer, while attempting to remain hidden from casual inspection.

Exercise 37.Write derivatives related to the following words:

design, compute, system, express, profession, vary, intrude, create, defect, harm, honest, want, infect, behave, execute, act, define, define, rely, conceal, immediate, desire, direct, modify, origin, verify, install.

Exercise 38. Write definitions to the terms below:

malicious software, defective software, a computer virus, a worm, a Trojan horse, spyware, a rootkit, a backdoor, a cracker.

Exercise 39. Write ten key questions to the text of exercise 35.

Exercise 40. Summarize the text of exercise 35. In what way do you protect your computer from infectious malware and concealment?

Exercise 41. Memorize the following words and word combinations:

Поиск по сайту: