What Is Backdoor Virus

What Is “Backdoor” Virus?

In software, a backdoor virus is a feature unknown to the legitimate user that gives secret access to the software. Introducing a backdoor into software without the user's knowledge turns that software into a Trojan.

Virus Techniques

A backdoor can be introduced either by the software developer or by a third party. Anyone who knows of the backdoor can use it to monitor the software's activities, or even take control of it (by bypassing authentication). Finally, depending on the rights the operating system grants to the software containing the backdoor, that control may extend to all operations of the computer.

The widespread networking of computers makes backdoors much more useful than when physical access to the computer was the rule. Among the reasons that lead software developers to create backdoors are:

  • The convenience of easy, always-open access to the software in order to carry out maintenance efficiently;
  • The ability to disable the software surreptitiously in case of disagreement with the client (non-payment of the license).

Among the reasons that lead hackers to install a backdoor:

  • The ability to monitor what the legitimate user does and to copy or destroy valuable data (passwords, private keys for decrypting private messages, banking information, trade secrets);
  • The ability to take control of a computer and use it to carry out malicious actions (sending spam, including phishing; spreading viruses; denial of service);
  • Control of a vast network of computers (see botnet) that can be used for blackmail through distributed denial of service (DDoS), or resold to criminals.

To install backdoors on a mass scale, hackers use worms. These spread automatically and install a server on each infected computer. The attacker can then connect to that server over the Internet.

A backdoor can be inserted by way of an Easter egg or a compiler, or may take the form of a program such as Back Orifice.

The case of the Unix C compiler: Trusting Trust

In 1984, the American computer scientist Ken Thompson described, in his article Reflections on Trusting Trust, how it was possible to insert a backdoor into every C program compiled on Unix. Moreover, since updated versions of the compiler, which is itself nothing more than another compiled program, are compiled with the existing C compiler, the algorithm for inserting the backdoor would be passed on from one update to the next. So if this backdoored compiler had been “released into the wild” at the outset, any C compiler might still be inserting backdoors today.

Note that this backdoor, present in every compiled C program, would never appear in the C source code. The word trust in the title refers to the fact that the original C compiler is regarded by its user as a trustworthy black box.

A programmer who does not understand how such a compiler works, but trusts it, would find it hard to imagine that a program he wrote and compiled himself contains a backdoor.

Interbase

A backdoor was discovered in the Interbase database management system on January 10, 2001, when its publisher, Borland, opened the source code. Entering the username “politically” and the password “correct” was enough to log in as administrator. The flaw had existed since 1994.

GNU/Linux

In November 2003, a backdoor was found in GNU/Linux. It was quickly detected, before a version of GNU/Linux was put into production. The backdoor was grafted in very compactly: it consisted of two lines of C added to the sys_wait4 function in the file kernel/exit.c.

The condition (current->uid = 0) is meant to be read by a particularly naive reader as a comparison, “if the user ID of the process is 0 (root)”, but in C it is actually an assignment, “the user ID of the process becomes 0 (root)”. The result is that if the function sys_wait4() was called with the bogus parameters __WCLONE|__WALL, the process took on the identity of root, the user level with maximum access rights.

This change was designed to take advantage of the confusion between programming languages in which the symbol for comparing two values is the single = sign (Pascal, Ada, ML, etc.) and those in which the double equals == plays that role (C, C++, Java, etc.), the single equals sign there denoting the assignment of a value to a variable.
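A user-space model of the condition described above, added here as an illustration; it is not the kernel's code or code from the original page. The struct, the X_-prefixed flag values and the function names are constructed for the example.

```c
#include <stdio.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
#define X_WCLONE 0x80000000u
#define X_WALL   0x40000000u
#define X_EINVAL 22

struct task { unsigned int uid; };   /* models only the uid of "current" */

/* Form described in the text: "=" stores 0 in uid. The assignment's value
 * is 0 (false), so the branch body never runs and the call looks harmless.
 * The extra parentheses are the idiom compilers read as "intentional
 * assignment", which is why a rule against assignments inside conditions,
 * enforced in review or static analysis, is the reliable check. */
int check_backdoored(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (X_WCLONE | X_WALL)) && (current->uid = 0))
        retval = -X_EINVAL;
    return retval;
}

/* What the line appears to say: compare uid with 0, change nothing. */
int check_intended(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (X_WCLONE | X_WALL)) && (current->uid == 0))
        retval = -X_EINVAL;
    return retval;
}

/* Run one check as an unprivileged task (uid 1000); report its uid after. */
unsigned int uid_after(int (*check)(struct task *, unsigned int),
                       unsigned int options)
{
    struct task t = { 1000 };
    check(&t, options);
    return t.uid;
}

int main(void)
{
    unsigned int magic = X_WCLONE | X_WALL;
    printf("backdoored, magic flags: uid=%u\n", uid_after(check_backdoored, magic));
    printf("backdoored, other flags: uid=%u\n", uid_after(check_backdoored, 0));
    printf("intended,   magic flags: uid=%u\n", uid_after(check_intended, magic));
    return 0;
}
```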

This change was unlikely to pass unnoticed, as this type of error is hardly compatible with the skill level of the programmers working on the Linux kernel. Since C is the programming language most used on Unix-family systems, very few users other than beginners would have been taken in.

Moreover, the collective software development process (especially for free software) requires that every change be validated, and for that it must have a legitimate justification. Thus any change, however small, is visible and raises legitimate questions if it has no clear rationale.

“Backdoor” In theaters

The plot of the film WarGames rests on a backdoor. The developer of a military computer system inserts a backdoor in the form of an undocumented password that grants access to it. This password also gives access to undocumented features of the program, which make the weapons control system look like a war-simulation video game.

Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.
