What is a Backdoor Trojan?
Backdoor Trojans are probably one of the most common ways of gaining access to someone’s computer remotely. Notice I did not say hack, as many people do not view gaining access in this way as hacking: it requires no skill, except in some cases a bit of social engineering to get the victim to install the server on their own PC.

The Trojan part refers to the fact that it normally masquerades as another program. It may be bound to something useful so that when run it appears to be a perfectly normal program, but in actual fact the backdoor part of the package installs itself on your system in secret and begins to dial home as soon as you are connected to the internet.

There are several different types of backdoors, with new ones appearing all the time, but by far the most well known are BO2K and sub7.

For the purposes of this tutorial I will mainly talk about mobman’s sub7 as it has the highest level of infections.

What happens if I get infected?
Although regarded as a virus, sub7 really isn’t – it does not attempt to spread itself and relies on the kiddie using it to spread the infection himself.

If you become infected, sub7 creates multiple copies of itself as well as installing several hooks so that it is run on each and every start-up of your computer.

Once you go online it then attempts to contact the owner with such details as:
  1. Your IP
  2. Port server is listening on
  3. The server Username
  4. The server password
  5. The server name

These details can be sent to the kiddie’s email, ICQ or via a preset IRC chan/server.
The kiddie can then use these details to connect to the server. By default the newer versions of sub7 listen on port 27374, but this can be changed by the kiddie before he starts to distribute the server.

What happens once connected?
Once the kiddie has connected to the server there are many possibilities open to him as to what he can do. Some of these include:

  1. Stealing user/pass for internet connections, email etc
  2. Harvesting of CC details if stored on the machine in the likes of Gator
  3. Viewing IM conversations
  4. Keylogging
  5. Viewing webcam if connected
  6. Viewing the victim’s desktop
  7. Control of mouse/keyboard
  8. Moving/copying/deleting of files
  9. Setting up your PC as an FTP server
  10. Port redirect (turning your PC into a proxy server)
  11. Upload and installation of files

Basically what they can do is not limited – they might as well be sitting in front of your computer in person.

How do I stop myself getting infected?
Always verify any download sources. If downloading something, try wherever possible to get it from the manufacturer’s website. Always scan all downloads with an updated antivirus program. Also, just because you have received an attachment from someone you know, do not automatically trust it. They may have been infected themselves and the kiddie could be using their email account to spread the Trojan to people in the victim’s address book.
When receiving email attachments from friends always ask yourself was it something you were expecting? Does it look like something they would send you?

If you receive an email from your grandma saying “Wow you gotta see these hot britney nude pics” there may be something a tad odd going on (depends on who your grandma is I suppose).

Locking out the Trojans
First thing you need to do is get an antivirus program and keep it updated – new viruses and Trojans are produced daily, so there is no point in protecting yourself against the old ones while allowing the new ones to roam free through your HD.

I also suggest doing a full scan with something like the cleaner (www.moosoft.com) to check for any Trojans present on your computer.

Get a firewall – this can help block the Trojan from dialling home or accepting a connection from its owner. Plus, if your firewall starts going nuts when you go online with some program looking to make an outgoing connection, it may alert you that something is going on.
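To make the two detection points above concrete (a server listening on sub7’s default port 27374, and an unknown program making an outgoing connection the moment you go online), here is an added example that is not part of the original tutorial. It triages netstat-style socket lines and flags exactly those two conditions. The line format, the allow-list of “known good” programs, and the sample lines are all constructed for illustration.

```python
"""Triage of netstat-style socket lines for backdoor indicators.

Added example, not from the original tutorial. Assumes a simplified,
constructed netstat-like line format:
    PROTO LOCAL_ADDR:PORT REMOTE_ADDR:PORT STATE [PROGRAM]
"""
from dataclasses import dataclass
from typing import List, Optional

# Default listening port of newer sub7 servers, as stated in the tutorial.
SUB7_DEFAULT_PORT = 27374

# Hypothetical allow-list of programs expected to make outbound connections.
KNOWN_GOOD = {"browser.exe", "mailclient.exe"}


@dataclass
class Socket:
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    program: str


@dataclass
class Finding:
    rule: str
    program: str
    remote_addr: str
    remote_port: int


def _split_endpoint(endpoint: str):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, port = endpoint.rsplit(":", 1)
    return addr, int(port)


def parse_line(line: str) -> Optional[Socket]:
    """Parse one constructed netstat-style line; return None for junk lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    proto, local, remote, state, prog = parts
    laddr, lport = _split_endpoint(local)
    raddr, rport = _split_endpoint(remote)
    return Socket(proto, laddr, lport, raddr, rport, state, prog.strip("[]"))


def _is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr == "::1"


def triage(lines: List[str]) -> List[Finding]:
    """Flag sub7-default-port listeners and outbound connections by unknown programs."""
    findings: List[Finding] = []
    for line in lines:
        sock = parse_line(line)
        if sock is None:
            continue
        # Rule 1: something is listening on the sub7 default port.
        if sock.state == "LISTENING" and sock.local_port == SUB7_DEFAULT_PORT:
            findings.append(Finding("sub7-default-port", sock.program,
                                    sock.remote_addr, sock.remote_port))
        # Rule 2: a program not on the allow-list has an established connection
        # to a non-loopback host (the "dial home" a firewall would prompt on).
        elif (sock.state == "ESTABLISHED"
              and not _is_loopback(sock.remote_addr)
              and sock.program not in KNOWN_GOOD):
            findings.append(Finding("unexpected-outbound", sock.program,
                                    sock.remote_addr, sock.remote_port))
    return findings


# Constructed sample output; documentation-range addresses, not real hosts.
SAMPLE = """\
TCP 0.0.0.0:27374 0.0.0.0:0 LISTENING [server.exe]
TCP 192.168.1.5:1034 203.0.113.10:6667 ESTABLISHED [server.exe]
TCP 192.168.1.5:1035 198.51.100.7:80 ESTABLISHED [browser.exe]
TCP 127.0.0.1:1036 127.0.0.1:8080 ESTABLISHED [devtool.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING [svchost.exe]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.rule}: {f.program} -> {f.remote_addr}:{f.remote_port}")
```

Run against the sample, it reports the listener on 27374 and the outbound connection from the same program; the loopback connection and the allow-listed browser are left alone. A real allow-list should be built from what you expect on your own machine, not copied from here.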

What other Trojans are there?
There is no way I could go through them all here,
but a very good site to take a look at is http://www.simovits.com/trojans/trojans.html
It gives a listing of known Trojans and default ports as well as information on each.

v_Ln