Much as for viruses and worms, several construction kits are available that allow for the rapid creation and deployment of Trojans. The availability of these kits has made designing and deploying malware easier than ever before:
Trojan Construction Kit One of the best examples of a relatively easy-to-use but potentially destructive tool. This kit is command-line based, which may make it a little less accessible to the average person, but it is nonetheless very capable in the right hands. With a little effort, it is possible to build a Trojan that can engage in destructive behavior such as destroying partition tables, master boot records (MBRs), and hard drives.
Senna Spy Another Trojan-creation kit that provides custom options, such as file transfer, executing DOS commands, keyboard control, and list and control processes.
Stealth Tool A program used not to create Trojans but to assist them in hiding. In practice, this tool is used to alter the target file by moving bytes, changing headers, splitting files, and combining files.
Many attackers gain access to their target system through a backdoor. The owner of a system compromised in this way may have no indication that someone else is using the
system. When implemented, a backdoor typically achieves one or more of the following key goals:
- Lets an attacker access a system later by bypassing any countermeasures the system owner may have placed.
- Provides the ability to gain access to a system while keeping a low profile. This allows an attacker to access a system and circumvent logging and other detective methods
- . Provides the ability to access a system with minimal effort in the least amount of time. Under the right conditions, a backdoor lets an attacker gain access to a system without having to rehack.
Some common backdoors that are placed on a system are of the following types and purposes:
- Password-cracking backdoor—Backdoors of this type rely on an attacker uncovering and exploiting weak passwords that have been configured by the system owner.
- Process-hiding backdoor—An attacker who wants to stay undetected for as long as possible typically chooses to go the extra step of hiding the software they are running. Programs such as a compromised service, a password cracker, sniffers, and rootkits are items that an attacker will configure so as to avoid detection and removal. Techniques include renaming a package to the name of a legitimate program and altering other files on a system to prevent them from being detected and running.
Once a backdoor is in place, an attacker can access and manipulate the system at will.