Backdoors
A backdoor is a type of malicious software that creates a (usually covert) access
channel that the attacker can use for connecting, controlling, spying, or otherwise
interacting with the victim’s system. Some backdoors come in the form of actual
programs that when executed can enable an attacker to remotely connect to the
system and use it for a variety of activities. Other backdoors can actually be
planted into the program source code right from the beginning by a rogue software
developer. If you’re thinking that software vendors double-check their source code
before the product is shipped, think again. The general rule is that if it works,
there’s nothing to worry about. Even if the code was manually checked, it is
possible to bury a backdoor deep within the source code, in a way that would
require an extremely keen eye to notice. It is precisely these types of problems
that make open-source software so attractive—these things rarely happen in
open-source products.
Mobile Code
Mobile code is a class of benign programs that are specifically meant to be
mobile and be executed on a large number of systems without being explicitly
installed by end users. Most of today’s mobile programs are designed to create a
more active Web-browsing experience. This includes all kinds of interactive Java
applets and ActiveX controls that allow Web sites to embed highly responsive
animated content, 3-D presentations, and so on. Depending on the specific
platform, these programs essentially enable Web sites to quickly download and
launch a program on the end user’s system. In most cases (but not all), the user
receives a confirmation message saying a program is about to be installed and
launched locally. Still, as mentioned earlier, many users seem to “automatically”
click the confirmation button, without even considering the possibility that
potentially malicious code is about to be downloaded into their system.
The term mobile code only determines how the code is distributed and not
the technical details of how it is executed. Certain types of mobile code, such
as JavaScript, are distributed in source code form, which makes them far easier
to dissect. Others, such as ActiveX components, are conventional PE executables
that contain native IA-32 machine code—these are probably the most difficult to
analyze. Finally, some mobile code components, such as Java applets, are
presented in bytecode form, which makes them highly vulnerable to decompilation
and reverse engineering.
Adware/Spyware
This is a relatively new category of malicious programs that has become
extremely popular. There are several different types of programs that are part
276 Chapter 8