1. CS 450 - Nathan Digangi

2.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code  Not self-replicating (except when attached to a worm)  Hidden in seemingly legitimate applications, activeX controls, or other program exploits

3.  Botnet node  Data theft  File modification  Keystroke logging  Screen captures  Backdoors  RAT – Remote Access Tool or Remote Administration Tool  Widely used by “Script Kiddies”

4.  2004  Nuclear RAT (Remote Administration Tool) – Windows NT kernel backdoor  Vundo – Popup advertisements and DOS attacks  Bitfrost – Windows backdoor  2005  Zlob – Popup advertisements. Disguises itself as required video codec  Bandook RAT – Windows backdoor. Uses process hijacking and kernel patching to bypass firewalls  2006  Leap or Oompa Loompa – First ever Mac OSX malware trojan that is spread through a worm using iChat  2007  Storm Worm – Botnet trojan spread through an email worm  2008  Mocmex – Trojan that infected digital photo frames  Torpig – Turns off antivirus, steals data, and installs more malware  Bohmini.A – backdoor RAT that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.  2010  Alureon – Trojan and rootkit that intercepts system network traffic and searches it for usernames, passwords, and credit card data. Caused BSoD problems after a Patch Tuesday update.

5.  Bypass normal authentication, security, and access routines (RAT)  Provide secret functionality or hidden areas in a program (Easter Eggs)  Symmetric backdoor – Anyone can use the backdoor who finds it, usually by port scanning  Asymmetric backdoor – can only be used by the attacker who plants it because of the use of encryption methods. (more difficult to detect)

6.  Sobig and Mydoom – Worms that installed a backdoor used for spamming  Sony BMG rootkit – distributed on millions of CDs in 2005 as copy protection.  Silently installed itself automatically on windows computers to change the way the CD played and collect usage data  Caused resource drain and created security holes that could be exploited by malware  Beast – Windows NAT with a GUI client and a built-in firewall bypasser and the ability to disable antivirus  Sub7 – Windows NAT with GUI client and a robust set of features. New version released on March 9 th.

7.  Netbus  RAT  Server installed via a Trojan horse  In 1999, NetBus was used to plant child pornography on the work computer of a law scholar at Lund University. The 3,500 images were discovered by system administrators, and the law scholar was assumed to have downloaded them knowingly. He lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.

8.  Back Orifice (BO) - 1998  RAT  Created by a Hacker organization called the “Cult of The Dead Cow”  Designed to demonstrate the lack of Security in Windows  Script Kiddies

10.  Wikipedia  BitDefender.com  Dmoz.org (Open Directory Project)  Security in Computing (Pfleeger & Pfleeger)  Lecture Slides