hi security question
ok is there a way for confidential information to be sent from one computer to the other without the use of a backdoor trojan, can they be so precise as to actually store a file information on your computer and send them once at a random period of the day makling it harder to track if there is someone that has remote access to your computer? ok next question Lets say i set up a backdoor trojan on someones computer, and mask the program as lets say aim2.exe and send all the information through port 2020 to my computer. is there a way to mask this so it wont show up in a netstat command issued in command prompt?
I wanna be ccie
Comments
-
cashew Member Posts: 122 ■■□□□□□□□□There are all kinds of programs that can do just about anything. I played around with some where you can actually change the process name (trojan.exe will display as explorer.exe). I don't know any off the top of my head, but I guess it is possible to spoof a port in netstat, but not likely.
Think of a rootkit as a trojan on steriods. It loads with your operating system by attaching itself to a critcal system file (winload.exe, winresume.exe, msgina.dll,etc.). After it's attached, it will make the filesize show the same as if the file is not infected. Since they are critical files, you cannot overwrite them, while booted into windows atleast.
Since it begins its activation through a critical windows boot file, it will always be activated when windows boots. right before the anti virus boots. Once its running it's very hard to detect. You should have a SIV (System Integrity Verifier) running on your machine, something like GFI LANguard System Integrity Monitor. Basically, it can verify that your files have not been modified.
I have a paranoid friend who rarely uses windows, but when he boots to it he boots to a command prompt first. He then copies over the basic critical files in windows (if windows is not loaded, the files will not be locked). Huge overkill, but one of making sure you're secure.