User Asks: Signs of a backdoor Trojan?

Hello all…. I go by the handle of ‘antibotnet’ at Yahoo Answers > Security. Here is a helpful question and answer I thought to share…

QUESTION:
Signs of a backdoor Trojan?
If I had a backdoor intruder on my machine, what would I notice to make me suspicious?
http://answers.yahoo.com/question/index?qid=20120328132628AA1JHMk

MY ANSWER:

In older days, going back at least five years or more, malware was practically always obvious in that “something seems to be running in the background”. This is because computers were much smaller, specifically in RAM memory, which is kind of a cache of memory used by all the startup programs you see the little icons for down in the lower-right system tray, and by running programs. RAM memory was very small at the release of Windows XP (2001), when it was common to ship from the factory with 256K RAM. This led to the famous coined phrase “512M RAM Upgrade”, which was simply adding another 256M RAM memory stick inside the computer, a snap-in.

Today it is common to see 1Gig RAM as small and inefficient, and probably only on now-legacy leftover computers for sale. Most new ones begin at 2Gig RAM, which is 8 times the size of the above XP example at 256M RAM. 3Gig of RAM is quite commonplace now in new PCs, as is 4Gig RAM, expandable to a whopping 8 Gigs!

That being said – and adding the upgraded processors that are now dual and quad processors with much higher speeds as standard equipment, and being on broadband, leaving dial-up in the dust (a 56K connection compared to 1M and up to 4G broadband/DSL connectivity speeds) – all that being said, it is not easy at all to ‘SUSPECT SOMETHING RUNNING IN THE BACKGROUND’ because the PC navigation has bogged down from time to time when you are not running stuff.

(NOTE: What kind of malware bogs down the system? Spyware that is broadcasting out – copied files, screen snapshots, keylogger data, etc. Mass-mailing worms. Downloader Trojans or rootkits that are installing more malware. A full-blown botnet infection that may contain all of the above, plus has added some P2P (peer-to-peer) software and is using the machine not only to download and upload pirated software and files, but also to continually spew illegal crimeware such as viruses, worms, spyware, etc.)

Say you are not mega multi-tasking with, like, 4 programs open and running. You might have one thing open that you are working in, and in older days, when you additionally were navigating around the system, like opening another program or starting up a new email – suddenly the whole system would almost slow to a crawl, with terribly bogged-down navigation.

THAT was a sure sign there was malware running in the background, generally spyware or a worm, such as a spam worm emailing everyone in an address book of email addresses on the computer.

Backdoor threats such as Trojan Downloaders are actually newer in malware, appearing somewhat well after the middle of this past decade. By comparison, these were virtually unheard of going back 7 years and further. Again, because of the larger computer sizes and upgrades, it is much, much more difficult to simply sense malware such as these running in stealth, not visible to the naked eye.

The best thing to do is simply install and use quality antimalware that has both antivirus and antispyware and Real Time Protection processes. Adding a personal software firewall aids that too. Perform Full Scans at least once a week!

What would make you suspicious? ID theft, and new malware installed without knowing how – these are two suspicious symptoms of backdoor threats. This is what they do.
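The “something running in the background” the answer describes can be checked directly rather than sensed: a backdoor has to listen for its operator or keep an outbound connection open. The following is an added example (not part of the original answer or of the BlueCollarPC site) that parses Windows `netstat -ano` output and compares a current capture against a known-clean baseline; the two captures are constructed sample text, and the set of ports treated as ordinary web traffic is an assumption.

```python
import re
from typing import NamedTuple

class Conn(NamedTuple):
    proto: str        # TCP or UDP
    local_port: int
    remote: str       # "ip:port", or "*:*" for UDP rows
    state: str        # LISTENING, ESTABLISHED, ... ("" for UDP rows)
    pid: int

# One `netstat -ano` row (Windows); UDP rows carry no State column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse_netstat(text: str) -> list[Conn]:
    """Parse the connection rows of `netstat -ano` output; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, _addr, lport, remote, state, pid = m.groups()
            rows.append(Conn(proto, int(lport), remote, state or "", int(pid)))
    return rows

WEB_PORTS = {80, 443}  # assumed to be ordinary browser traffic; other outbound ports get reported

def find_suspicious(baseline: str, current: str) -> list[str]:
    """Report listeners absent from the clean baseline (a backdoor waiting for its operator)
    and established outbound connections to non-web ports (the "broadcasting out" above)."""
    known = {(c.proto, c.local_port) for c in parse_netstat(baseline) if c.state == "LISTENING"}
    findings = []
    for c in parse_netstat(current):
        if c.state == "LISTENING" and (c.proto, c.local_port) not in known:
            findings.append(f"new listener {c.proto}/{c.local_port} pid {c.pid}")
        elif c.state == "ESTABLISHED" and int(c.remote.rsplit(":", 1)[1]) not in WEB_PORTS:
            findings.append(f"non-web outbound to {c.remote} pid {c.pid}")
    return findings

# Constructed sample captures (not from a real machine); 203.0.113.x and 198.51.100.x are documentation addresses.
BASELINE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49700     203.0.113.5:443        ESTABLISHED     2212
"""
CURRENT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49712     198.51.100.7:6667      ESTABLISHED     3120
  UDP    0.0.0.0:137            *:*                                    4
"""
```

Each finding carries the PID, so the next step is simply checking which executable owns it in Task Manager; a process you do not recognise that both listens and talks out is the backdoor symptom the answer is describing.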

SEE:

Glossary of Malware
http://www.westcoastlabs.org/
Backdoor – A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors are designed to exploit a vulnerability in a system and open it to future access by an attacker. A Backdoor is a potential security risk in that it allows an attacker to gain unauthorized access to a computer and the files stored thereon.
Source(s):

Threats FAQs
Threats Frequently Asked Questions
http://bluecollarpc.us/Threats_FAQs.html

How to Remove a Backdoor Trojan Computer Virus
http://www.ehow.com/how_5164888_remove-backdoor-trojan-computer-virus.html

Backdoor Santas
http://www.bleepingcomputer.com/tutorials/tutorial41.html

Backdoor.Trojan | Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

Trojan Downloader Featured Articles
http://www.ehow.com/trojan-downloader/

Medical Entities as targets of malware

Another disturbing report of how malware can affect our very lives at medical facilities and related operations (paramedic transport, etc.)…

Malware disables ambulance response systems
An unspecified malware variant recently disabled the automated response systems of a New Zealand-based ambulance service. The service – which provides 90% of the emergency and non-emergency …..
FULL http://www.tgdaily.com/security-features/59635-malware-disables-ambulance-response-systems

Well, the one view is that Bill Gates has ruined the world with software computers. Defenses for this type of attack – intentional or otherwise – are very complex, and the future holds a couple of security upgrades. One is that Microsoft plans to completely dump the Windows Operating System and create an entirely new one at the 25-year anniversary. The other is one towards some of my recommendations and views in security for entities I hold and have recommended – to move towards setting up their own servers and being their own ISP (Internet Service Provider, like AOL, MSN, Earthlink, Juno, etc.), even using diminished special “web appliances” with limited access (i.e. set up for database access only, etc.; SEE DEFINITION http://www.pcmag.com/encyclopedia_term/0,2542,t=Internet+appliance&i=45195,00.asp#fbid=mZ9KI5RdBTu) as opposed to business computers. The servers would be the major investment, but American upper-class shareholders are most likely too greedy, for profit’s sake, to ever invest.

But being their own ISP, owning and operating their own servers, leaves out all other internet traffic and being at the mercy of the defense abilities of the current world wide web servers and ISPs – which we plainly see are responsible for this fiasco that has occurred. YES, they did have a “default” manual system they were able to fall back to, very, very, very luckily.

QUOTED “Back-up systems immediately took over when it was detected and the workload was managed manually.”

Had it not been the medical system, no doubt the malware attack would have targeted and compromised many personal data accounts for purposes of ID theft, and that may have been the actual target of the malware, with this being an oops by malware dummies. These types of attacks, when intentional, many times direct intentional attacks at entities, and that is frightening, as they can move towards something like the past “interstate shooters” in Maryland, I think it was a couple of years ago, where the two, father and son, were shooting and killing people on the interstate and then called the Police to demand ransom to stop it. There are not enough agencies (internet cops) in America yet to police these things with hard sentences, and even death penalties where deserved, such as this one where obviously lives were put at risk by them – and all in all if death(s) had occurred because of them, with precognitive malice for illicit profit via murder and voluntary and involuntary manslaughter.

QUOTED “Although the malware did not seem to specifically target the ambulance service, the incident is obviously not the first time a medical entity has been affected by viruses or worms.

As Sophos security expert Graham Cluley notes, the Mytob worm hit a number of London hospitals in 2008, while the Northwest Hospital and Medical Center in north Seattle was affected by a 2005 attack which shut down computers in the facility’s intensive care unit and prevented pagers from working properly.”

webmaster http://bluecollarpc.us/

BlueCollarPC.US Malware Removal / Amateur Forensics / Since 2005
