3 Oct, 2007 Posted by Blair in Security
Is your system infected with a backdoor trojan, or remote access trojan? Maybe you received a warning from your antivirus, antispyware application, or someone helping you? What is a backdoor trojan, and why should you be concerned?
A trojan is a malicious application that appears to do one thing, but actually does another. Like its namesake, the mythical Trojan Horse, the malicious code is hidden in a program or file that appears useful, interesting, or harmless. A popular example is the "video codec" some sites claim you need to view their online videos: when the codec is installed, it also installs spyware or other malicious software.
A backdoor trojan differs from an ordinary trojan in that it also opens a backdoor into your system. These are also called Remote Access Trojans (RATs). They are the most widespread and the most dangerous type of trojan, because they have the potential to allow remote administration of your system, as if an attacker were sitting at your keyboard, only worse, since you may never notice. There is almost no limit to what they can do. Some common uses:
- Use your system and Internet connection to send spam (yes, the majority of spam is now generated by infected systems).
- Steal your online and offline passwords, credit card numbers, address, phone number, and other information stored on your computer that could be used for identity theft or other financial fraud.
- Log your activity, read email, view and download contents of documents, pictures, videos and other private data.
- Use your computer and Internet connection, in conjunction with others to launch Distributed Denial of Service (DDoS) attacks.
- Modify system files, disable antivirus, delete files, or change system settings, either to cover their tracks or just to wreak havoc.
If you suspect you're infected with a backdoor trojan, the first thing you should do is disconnect from the Internet, to protect both yourself and others. If you must stay connected, at a minimum install a firewall that monitors both inbound and outbound activity (we recommend Comodo's free version).
Because backdoor trojans have the potential to gain such complete control of a system, and can install further malicious code that may not be detectable, it's wise to consider reformatting any system that has been infected. However, many home users lack adequate backups, and backups made from the infected system will likely be infected too. It's also a large, time-consuming job to reformat, reinstall the operating system and all applications, and restore backups.
The good news is that most common backdoor trojans are installed and controlled by bots (other infected computers running automated scripts), not by humans; rarely does a person actually take control of a system. Because these bots use known malicious code and techniques, someone knowledgeable can usually remove them completely.
The bad news is that if you're one of the unlucky few, the damage to your credit rating, the financial loss, or the loss of proprietary and professional data can be great.
If you choose to get help with a backdoor trojan from someone online, at a computer repair shop, etc., we recommend the following:
- Since these infections may be used for remote access, or even remote control of an infected system, temporarily disconnect it from the Internet as soon as possible.
- If you don’t have access to another system, and require Internet access, be sure to have a firewall installed. We recommend the free version of Comodo. Note: never run more than one firewall.
- If you used the infected system for online banking, to perform any online financial transactions (including eBay and Paypal), or access any sensitive information online, please get to a known clean computer and change your passwords as soon as possible. It would also be wise to contact those same financial institutions to let them know your account information and passwords may have been compromised.
- Closely monitor all bank and credit card statements. If you do notice suspicious activity, it's important to act quickly. Follow the steps recommended by the FTC in Defend: Recover From Identity Theft.
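As an added example (not part of the original post), here is a small Python script that triages a saved `netstat -ano` listing, which is the same inbound and outbound activity a monitoring firewall watches: it flags listening ports that are reachable from the network and not on a baseline list, and established connections to IRC ports, the command-and-control channel many bots of this period use. The netstat sample, the baseline port list and the IRC port list are constructed assumptions for the example; tune the baseline to the machine at hand.

```python
"""Triage a saved `netstat -ano` listing for signs of a backdoor: unexpected
listeners and outbound connections to IRC.  Example code added to this post;
the netstat sample is constructed, not captured from a real machine."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample of `netstat -ano` output on Windows (assumption: the
# column layout below is the one that command prints).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       3124
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1340
  TCP    192.168.1.10:1043      198.51.100.23:6667     ESTABLISHED     3124
  TCP    192.168.1.10:1055      203.0.113.8:80         ESTABLISHED     1900
  UDP    0.0.0.0:500            *:*                                    1012
"""

# Assumed baseline: ports a stock Windows desktop is expected to listen on.
# Tune this to the machine being examined.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 500, 1900, 3389}
# IRC ports; an outbound connection from a home desktop to these is worth a look.
IRC_PORTS = {6666, 6667, 6668, 6669, 7000}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


@dataclass
class Socket:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: Optional[str]   # None for UDP, which has no connection state
    pid: int


@dataclass
class Finding:
    reason: str
    sock: Socket


def split_addr(addr: str):
    """Split 'host:port' (also '[::]:135' and '*:*') into (host, port-or-None)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:          # header, blank, or otherwise non-socket line
            continue
        proto, local, remote, state, pid = m.groups()
        lhost, lport = split_addr(local)
        rhost, rport = split_addr(remote)
        sockets.append(Socket(proto, lhost, lport, rhost, rport, state, int(pid)))
    return sockets


def find_suspicious(sockets: List[Socket]) -> List[Finding]:
    findings = []
    for s in sockets:
        # UDP sockets with a wildcard peer are effectively listeners.
        listening = s.state == "LISTENING" or (s.proto == "UDP" and s.remote_host == "*")
        loopback_only = s.local_host in ("127.0.0.1", "::1")
        if listening and not loopback_only and s.local_port not in EXPECTED_LISTEN_PORTS:
            findings.append(Finding("unexpected listener reachable from the network", s))
        if s.state == "ESTABLISHED" and s.remote_port in IRC_PORTS:
            findings.append(Finding("outbound IRC connection (possible bot C&C)", s))
    return findings


def suspicious_pids(findings: List[Finding]) -> Set[int]:
    """PIDs to look up with `tasklist /svc` to see which process owns them."""
    return {f.sock.pid for f in findings}


if __name__ == "__main__":
    for f in find_suspicious(parse_netstat(SAMPLE_NETSTAT)):
        s = f.sock
        print(f"PID {s.pid:>5}  {s.proto} {s.local_host}:{s.local_port} -> "
              f"{s.remote_host}:{s.remote_port}  {f.reason}")
```

On the suspect machine, run `netstat -ano > netstat.txt` before you pull the network cable, then `tasklist /svc` to map the flagged PIDs to processes. An unexpected listener is not proof of infection on its own (legitimate software opens ports too), but a single process that both listens on a high port and holds an outbound IRC connection is exactly the bot-controlled backdoor the post describes.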
Should I reformat and reinstall, or disinfect?
If you have adequate backups of files including important documents, pictures, emails, contacts, etc., the installation media for your operating system and applications, as well as the technical ability required, then we strongly recommend reformatting and reinstalling. In addition, if your system contains confidential data, or third party personal information for clients, patients, customers, or your employer, you have a responsibility to protect that data. If at all possible, reformat and reinstall.