Just studying a bit about malware behaviour (just for fun) and I've seen there are two types of backdoors:
- common backdoors
- reverse shell backdoors
Then a common backdoor opens a port on the host, staying in listening mode, and when it receives a connection, it uses that to start a shell.
A reverse shell backdoor is a backdoor that during its runtime automatically connects to the IP of the attacker.
Backdoors are then mainly divided into two groups: those awaiting a connection from the attacker, where the victim is the server; and those in which the attackers are the server, starting a listener on their machine and waiting for the connection from the victim.
I think backdoors are among the most dangerous malware because, if not detected, they can compromise our sensitive data.
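Added example (not part of the original post): a defender's view of the two types described above, as a Python check over constructed lines in the layout of `ss -H -tanp` that flags sockets held by a shell interpreter. The shell list, the sample lines and the direction heuristic (an established connection whose local port has no listener on the host is treated as outbound) are assumptions; "bind" here means the listening, "common" type.

```python
import re

# Assumed list: interpreters that normally have no reason to own a TCP socket.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

# Constructed sample in the layout of `ss -H -tanp`; addresses are documentation ranges.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 1 0.0.0.0:4444 0.0.0.0:* users:(("sh",pid=2301,fd=3))
ESTAB 0 0 10.0.0.5:22 10.0.0.9:50122 users:(("sshd",pid=901,fd=4))
ESTAB 0 0 10.0.0.5:51514 203.0.113.7:443 users:(("bash",pid=2410,fd=0))
ESTAB 0 0 10.0.0.5:40022 198.51.100.2:443 users:(("curl",pid=3000,fd=5))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse(text):
    """Turn ss-style lines into dicts; lines without a process column are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # process column missing (ss needs privileges to show it)
        state, _recvq, _sendq, local, peer, users = parts
        m = PROC_RE.search(users)
        if m:
            lport = int(local.rsplit(":", 1)[1])  # rsplit also copes with [::]:22
            rows.append((state, local, lport, peer, m.group(1), int(m.group(2))))
    return rows


def classify(text):
    """Return (kind, process, pid, endpoint) for every socket owned by a shell."""
    rows = parse(text)
    listening = {lport for state, _, lport, _, _, _ in rows if state == "LISTEN"}
    findings = []
    for state, local, lport, peer, proc, pid in rows:
        if proc not in SHELLS:
            continue
        if state == "LISTEN" or lport in listening:
            # The host is the server: a shell waiting for (or serving) a connection.
            findings.append(("bind", proc, pid, local))
        elif state == "ESTAB":
            # No local listener on that port: the host dialed out to the peer.
            findings.append(("reverse", proc, pid, peer))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

The `sshd` and `curl` rows are not flagged because only sockets owned by an interpreter in `SHELLS` are considered; a backdoor running under another process name needs a different signal, such as an allow-list of expected listeners.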