Backdoors

When attackers obtain root-level access to a server, by whatever means, they will want to do two things:

·         Install a backdoor;

·         Cover their tracks.

Backdoors allow attackers to remotely access a system again in the future. For example, the attacker may have used a particular security hole to get root-level or Administrator-level access to a computer. However, over time, that particular security hole may be closed, preventing the attacker from accessing the system again using that specific method. To overcome this, attackers install 'backdoors'. These backdoors take different forms, but all allow an attacker to access the server again without going through the standard login procedures and without having to repeat the attack that gave them access in the first place.

Many worms install backdoors as a part of their malicious payload. Common backdoor programs are 'Netbus' and 'BackOrifice', which allow attackers to remotely control a compromised server.