Backdoor: What is it?
A backdoor is any method of bypassing a system's normal authentication or access controls. Sometimes backdoors are installed deliberately, for example to give remote users or support staff a way in. When the term is applied to malware, however, a backdoor is a component that attackers use to reach a computer's functions undetected while it runs in the background. Such malware is usually a bundle of several capabilities, some of which can be controlled remotely.
How do they spread?
Backdoors are often introduced by other malicious programs such as Trojans, viruses or spyware. They obtain access without the knowledge of administrators and can then be used against every user of the compromised system or network. In some cases a backdoor is planted by an insider with privileged access in order to regain entry at a later date.
Some backdoors are built into specific applications. Legitimate programs can also contain undocumented vulnerabilities that allow remote access. In either case the attacker still needs some way of reaching the compromised computer over the network in order to exploit the hidden entry point.
Users can also install backdoors inadvertently. A backdoor can be bundled with files from file-sharing applications or attached to e-mails, and the social-engineering tricks used to get it run are similar to those used by scareware and ransomware.
Finally, some backdoors are dropped by exploiting specific vulnerabilities in remote systems, either in the computers themselves or in network equipment.
What harm can they do?
Malware that enters through a backdoor often carries additional destructive capabilities, such as taking screenshots, logging keystrokes or infecting and encrypting files. The backdoor itself lets an intruder create, delete, rename, edit or copy any file, execute commands, change system settings, modify or delete Windows registry entries, run, control and terminate applications, or install further malware.
Attackers can likewise take control of hardware devices and their settings, restart or shut down the computer without permission, and steal confidential data: passwords, login details, personal information and other sensitive documents.
Some backdoor operators profit by recording users' web activity and browsing habits; others infect files, damage the system or corrupt applications.
Examples of backdoor attacks
One example is Sticky Attacks, detected by PandaLabs in 2017. The attackers ran a brute-force attack against a server with Remote Desktop Protocol (RDP) enabled and guessed valid credentials for the machine. They then used only built-in operating system scripts and tools, to avoid triggering antivirus alerts, to install a simple backdoor based on the Windows Sticky Keys accessibility feature: the accessibility program that the logon screen launches when Shift is pressed five times was redirected to a command shell.
Even if victims realise they have been compromised and change the Remote Desktop passwords, the attackers can still press Shift five times at the RDP logon screen and obtain a command prompt running with SYSTEM privileges, without ever entering credentials.
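The following PowerShell check is an added example and is not part of the PandaLabs report. It looks for the two common ways the Sticky Keys trick is planted: an accessibility binary under System32 replaced by a copy of a command shell, and an Image File Execution Options (IFEO) "Debugger" value that redirects the binary when it is launched. The list of accessibility binaries and the decision to compare against cmd.exe and powershell.exe hashes are assumptions about what a typical attacker swaps in, not details from the report.

```powershell
# Added example (not from the PandaLabs report): check a Windows host for a
# Sticky Keys style backdoor. Two variants are covered:
#  1. an accessibility binary under System32 replaced by a copy of cmd.exe or
#     powershell.exe
#  2. an IFEO "Debugger" value that redirects the binary to another program when
#     the logon screen launches it
# Run from an elevated PowerShell prompt; exit code 1 means at least one finding.

$system32 = Join-Path $env:SystemRoot 'System32'
# Binaries reachable from the logon screen (assumed list of the usual targets).
$accessibilityBinaries = @('sethc.exe', 'utilman.exe', 'osk.exe', 'Narrator.exe',
                           'Magnify.exe', 'DisplaySwitch.exe', 'AtBroker.exe')
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Hashes of the shells an attacker typically copies over the accessibility binary.
$shellHashes = @('cmd.exe', 'powershell.exe') | ForEach-Object {
    (Get-FileHash -Algorithm SHA256 -Path (Join-Path $system32 $_)).Hash
}

$findings = @()

foreach ($name in $accessibilityBinaries) {
    $path = Join-Path $system32 $name

    # Variant 1: file replaced. Authenticode alone is not enough, because a copied
    # cmd.exe is still a validly signed Microsoft binary, so compare hashes as well.
    if (Test-Path $path) {
        $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
        if ($shellHashes -contains $hash) {
            $findings += "$path has the same SHA256 as a command shell (replaced binary)"
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $findings += "$path Authenticode status is $($sig.Status)"
        }
    }

    # Variant 2: IFEO debugger hijack. A clean system has no Debugger value on
    # any of these binaries, so any value at all is worth investigating.
    $ifeoKey = Join-Path $ifeoRoot $name
    if (Test-Path $ifeoKey) {
        $debugger = (Get-ItemProperty -Path $ifeoKey -ErrorAction SilentlyContinue).Debugger
        if ($debugger) {
            $findings += "$ifeoKey Debugger = '$debugger'"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No accessibility-feature backdoor indicators found.'
    exit 0
}

Write-Output 'Possible Sticky Keys backdoor indicators:'
$findings | ForEach-Object { Write-Output "  - $_" }
exit 1
```

The hash comparison matters because the simplest version of the attack copies cmd.exe over sethc.exe, which leaves a file that still passes signature checks; only its hash gives it away. Remediation is to restore the original binary from a trusted source and remove the IFEO key, then audit who could log in over RDP.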
Another recent example is DoublePulsar, a kernel-mode backdoor implant developed by the U.S. National Security Agency (NSA) and published by the Shadow Brokers hacker group in their April 2017 leak. It has been claimed that this implant infected more than 200,000 Windows computers within a few weeks of the leak, and it was used together with the EternalBlue SMB exploit in the WannaCry attack of May 2017.