
About Backdoors

A backdoor program is a remote administration utility that, once installed on a computer, allows a user to access and control it over a network or the Internet. A backdoor is usually able to gain control of a system because it exploits undocumented processes in the system's code. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they are also frequently used by attackers to gain control of a user's machine without their knowledge or authorization.

A typical backdoor consists of two components: a client and a server. An attacker will use the client application to communicate with the server components, which are installed on the victim's system. Depending on how sophisticated a client is, it can include such features as:

- Sending and receiving files
- Browsing through the hard drives and network drives
- Getting system information
- Taking screenshots
- Changing the date/time and settings
- Playing tricks like opening and closing the CD-ROM tray

and so on.

A backdoor's server components can be installed on an unsuspecting user's system in numerous ways: as part of a worm or trojan payload, as an email attachment, as a tantalizingly-named file on peer-to-peer networks, etc. Once installed, the server component will open a network port and communicate with the client, to indicate that the computer is infected and vulnerable. An attacker can then use the backdoor's client to issue commands to the infected system.

IRC Backdoors

A particular type of backdoor is the IRC backdoor, which can be controlled via a specific Internet Relay Chat (IRC) channel under the control of the hacker.

A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.

Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article "Who gets your trust?" security consultant Carole Fennelly uses an analogy to illustrate the situation: "Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it."

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

A backdoor is a malicious computer program or particular means that provides the attacker with unauthorized remote access to a compromised system by exploiting vulnerabilities of installed software and bypassing normal authentication. A backdoor works in the background and hides from the user. It is very similar to a virus and therefore is quite difficult to detect and completely disable.

Glupzy is a backdoor that provides the attacker with unauthorized remote access to the compromised computer. The intruder can control the infected system and steal sensitive user information. Once executed, Glupzy secretly installs itself to the system.
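
The two network behaviours described above, a server component that opens a listening port and an IRC backdoor that connects out to a chat server, are both visible in a host's socket table. The following is an added example, not part of the original text: it audits constructed Windows `netstat -ano` output against an assumed per-host baseline of allowed listening ports, and the sample addresses, ports, PIDs and function names are all illustrative.

```python
# Constructed `netstat -ano` output (Windows format); not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47811          0.0.0.0:0              LISTENING       2480
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     3104
  TCP    192.0.2.10:49733       203.0.113.20:6667      ESTABLISHED     2480
  UDP    0.0.0.0:5353           *:*                                    1500
"""
# Assumed baseline: ports this particular host is expected to listen on.
ALLOWED_LISTEN_PORTS = {135, 445, 5353}
# Conventional IRC ports (6660-6669 plain, 6697 TLS); a heuristic only,
# since an IRC server can be run on any port.
IRC_PORTS = set(range(6660, 6670)) | {6697}

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield one dict per TCP/UDP socket row, skipping headers."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = fields[:3]
        # UDP rows have no State column, so the PID is the fourth field.
        state = fields[3] if proto == "TCP" else "UDP"
        yield {"local": split_endpoint(local), "remote": split_endpoint(remote),
               "state": state, "pid": int(fields[-1])}

def find_suspicious(text):
    """Return (reason, port, pid) tuples for sockets outside the baseline."""
    findings = []
    for s in parse_netstat(text):
        listening = s["state"] in ("LISTENING", "UDP")
        if listening and s["local"][1] not in ALLOWED_LISTEN_PORTS:
            findings.append(("unexpected-listener", s["local"][1], s["pid"]))
        elif s["state"] == "ESTABLISHED" and s["remote"][1] in IRC_PORTS:
            findings.append(("outbound-irc", s["remote"][1], s["pid"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_NETSTAT):
        print(finding)
```

The PID in each finding is the starting point for identifying the owning process; a backdoor that hides through a rootkit, as noted above, may not appear in this table at all.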
