202 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels
■ Trojan Man merges programs and can encrypt the new package in order to bypass
antivirus programs.
■ Teflon Oil Patch is designed to bind Trojans to a specified file in order to defeat Trojan-
detection applications.
■ Restorator was designed originally with the best of intentions but is now used for less-
than-honorable purposes. It can add a payload to, for example, a seemingly harmless
screen saver, before it is forwarded to the victim.
■ Firekiller 2000 is designed to be used with other applications when wrapped. This
application disables firewall and antivirus software. Programs such as Norton
Antivirus and McAfee VirusScan were vulnerable targets prior to being patched.
Trojan Construction Kits
Much as for viruses and worms, several construction kits are available that allow for the
rapid creation and deployment of Trojans. The availability of these kits has made designing
and deploying malware easier than ever before:
■ Trojan construction kit—One of the best examples of a relatively easy-to-use but
potentially destructive tool. This kit is command-line based, which may make it a little
less accessible to the average person, but it is nonetheless very capable in the right hands.
With a little effort, it is possible to build a Trojan that can engage in destructive behavior
such as destroying partition tables, master boot records (MBRs), and hard drives.
■ Senna Spy—Another Trojan-creation kit that provides custom options, such as file
transfer, execution of DOS commands, keyboard control, and listing and controlling processes.
■ Stealth tool—A program used not to create Trojans, but to assist them in hiding. In
practice, this tool is used to alter the target file by moving bytes, changing headers,
splitting files, and combining files.
Backdoors
Many attackers gain access to their target system through a backdoor. The owner of a system
compromised in this way may have no indication that someone else is using the system.
When implemented, a backdoor typically achieves one or more of the following key goals:
■ Lets an attacker access a system later by bypassing any countermeasures the system
owner may have placed.
■ Provides the ability to gain access to a system while keeping a low profile. This allows
an attacker to access a system and circumvent logging and other detective methods.
■ Provides the ability to access a system with minimal effort in the least amount of time.
Under the right conditions, a backdoor lets an attacker gain access to a system without
having to re-hack.
Common backdoors placed on a system include the following types, each with its own
purpose:
■ Password-cracking backdoor—Backdoors of this type rely on an attacker uncovering
and exploiting weak passwords that have been configured by the system owner.