Backdoors types

ChemicalB (thread author), Sep 14, 2018
Just studying a bit about the malware behaviour (just for fun) and I've seen there are two types of backdoors:

- common backdoors
- reverse shell backdoors

Then a common backdoor opens a port on the host, staying in listening mode, and when it receives a connection, it uses that to start a shell.

A reverse shell backdoor is a backdoor that during its runtime automatically connects to the IP of the attacker.

Then the backdoor is mainly divided into two groups, those awaiting connection from the attacker, then the victim is the server; and those in which the attackers are the server by starting a listener on their machine and waiting for the connection from the victim.

I think backdoors are among the most dangerous malware because, if not detected, they can compromise our sensitive data.
509322

> Just studying a bit about the malware behaviour (just for fun) and I've seen there are two types of backdoors:
>
> - common backdoors
> - reverse shell backdoors
>
> Then a common backdoor opens a port on the host, staying in listening mode, and when it receives a connection, it uses that to start a shell.
>
> A reverse shell backdoor is a backdoor that during its runtime automatically connects to the IP of the attacker.
>
> Then the backdoor is mainly divided into two groups, those awaiting connection from the attacker, then the victim is the server; and those in which the attackers are the server by starting a listener on their machine and waiting for the connection from the victim.
>
> I think the backdoors are among the most dangerous malware because if not detected, can compromise our sensitive data.

Common backdoor generally is when a program runs as a server on your system. It listens on an active port.

Reverse shell backdoor would be, for example, when using one of the many exploit attack platforms such as Metasploit, Meterpreter, PowerShell Empire, PowerSploit, etc. Once the stager is run, it connects back to the attacker. It can be configured to listen, to check in, to send data on schedule, the attacker can connect manually, etc. Lots of flexibility there.

Dynamic protection is dynamically going out of business.

Contrary to what some developer says, blocking the reverse shell does not block the exploit. The exploit has already happened and the system is fully compromised; too little, too late. So they shouldn't be falsely claiming a protection event when it just ain't true. The attacker can possibly leverage the existing exploit to probe around further and find alternate attack routes. Eventually, they could disable all security. That's how it happens.
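As an added, defender-side example that is not part of this thread or of any product named in it: a small Python heuristic that applies the two backdoor shapes described above (a listener on the victim, or an outbound connection back to the attacker) to socket records. It reads lines in the format of `ss -tnp` output; the sample records below are constructed, not captured from a real host, and the list of shell and netcat-style binaries is an assumption. A LISTEN socket owned by such a binary is reported as a bind-style listener; an established connection to a non-loopback peer owned by such a binary is reported as a reverse-shell-style connection.

```python
"""Heuristic triage of socket records into bind-style and reverse-shell-style backdoors."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Assumed: binaries that should rarely own a network socket on a workstation or server.
SHELL_BINARIES = {"sh", "bash", "dash", "zsh", "nc", "ncat", "socat", "cmd.exe", "powershell.exe"}

# Constructed sample in the shape of `ss -tnp` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:4444 0.0.0.0:* users:(("nc",pid=2231,fd=4))
ESTAB 0 0 10.0.0.5:51822 203.0.113.7:443 users:(("bash",pid=2302,fd=0))
ESTAB 0 0 10.0.0.5:58011 10.0.0.9:443 users:(("curl",pid=2410,fd=5))
ESTAB 0 0 127.0.0.1:37712 127.0.0.1:5432 users:(("bash",pid=2501,fd=3))
"""

# Matches the first ("process",pid=N ...) pair inside the users:(...) column.
USERS_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


@dataclass
class SocketRecord:
    state: str
    local_addr: str
    local_port: int
    peer_addr: str
    peer_port: int
    process: str
    pid: int


def _split_endpoint(endpoint):
    """Split 'host:port' (IPv6 hosts in brackets, '*' for unspecified port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    return host, (0 if port == "*" else int(port))


def parse_ss_line(line):
    """Parse one `ss -tnp` style line; returns None for headers or lines without a process."""
    fields = line.split(None, 5)
    if len(fields) < 6:
        return None
    state, _recv_q, _send_q, local, peer, users = fields
    match = USERS_RE.search(users)
    if not match:
        return None
    local_host, local_port = _split_endpoint(local)
    peer_host, peer_port = _split_endpoint(peer)
    return SocketRecord(state, local_host, local_port, peer_host, peer_port,
                        match.group(1), int(match.group(2)))


def _is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        # '*' or an empty host means unspecified, not a remote peer.
        return host in ("*", "")


def classify(rec):
    """Return the backdoor shape a record resembles, or None if it looks ordinary."""
    owned_by_shell = rec.process in SHELL_BINARIES
    if rec.state == "LISTEN" and owned_by_shell:
        # The victim is the server: a shell-capable binary waits for an inbound connection.
        return "bind-style listener"
    if rec.state == "ESTAB" and owned_by_shell and not _is_loopback(rec.peer_addr):
        # The attacker is the server: a shell-capable binary holds an outbound connection.
        return "reverse-shell-style connection"
    return None


def find_suspicious(ss_output):
    """Run the heuristic over a whole `ss` listing; returns (record, kind) pairs."""
    hits = []
    for line in ss_output.splitlines():
        rec = parse_ss_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind:
            hits.append((rec, kind))
    return hits


if __name__ == "__main__":
    for rec, kind in find_suspicious(SAMPLE_SS_OUTPUT):
        print(f"{kind}: pid={rec.pid} process={rec.process} "
              f"local={rec.local_addr}:{rec.local_port} peer={rec.peer_addr}:{rec.peer_port}")
```

The heuristic deliberately ignores the loopback `bash` connection and the `curl` connection: process identity, not the port number, is what separates the two sample hits from ordinary traffic. On a real host the output of `ss -tnp` (run as root so that process names are populated) can be fed straight into `find_suspicious`, and the binary list should be tuned to what the host is expected to run.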
 
Last edited by a moderator:
Deleted member 178

> Contrary to what some developer says, blocking the reverse shell does not block the exploit. The exploit has already happened and the system is fully compromised; too little, too late. So they shouldn't be falsely claiming a protection event when it just ain't true. The
Exactly.
As if a field war medic (security apps) stopping the bleeding (reverse shell) from a severe wound (code injection) made by a bullet (exploit) would nullify the wound and the fact that the victim (system) has been hit... not to mention that the bullet could have hit an internal organ and the medic wouldn't be aware of it, leaving the victim's life still in danger.

To sum up simply, all malware acts based on an attack chain; preventing a particular event in the chain from happening doesn't nullify the previous events leading to that event, it just prevents the following ones from occurring.

There is no magic in computers.