Backdoors, Rootkits and Spyware
Stealthy ninjas in your disk!
Backdoor
Code that, as the name suggests, opens a "back door" on the system: it lets the attacker bypass the normal authentication procedures and grants remote access to the compromised host. It is used as a persistence feature once the system has been breached, "leaving the back door open", or to provide a remote shell that lets the attacker execute commands, upload and download data, and facilitate further attacks. It can be deployed as a single command line or as a script that remains on the system.
Rootkit
Malware consisting of a collection of tools, a "kit", whose objective is to stay hidden, or even to take control of the detection systems, while granting the attacker administrative (root) privileges and total remote control of the machine. It usually takes on the appearance of an OS file and remains undetected by modifying system files, intercepting system calls or using kernel-level hooks. Once inside it escalates privileges, installs a backdoor and hands remote control to the attacker. Rootkits are designed to attach at a very low level, so they survive system reboots and remain installed for a long period of time.
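One defender-side consequence of the hiding techniques described above: a rootkit that filters the /proc directory listing can hide a process from ps, but the process still answers a direct probe, so comparing two independent views exposes the disagreement. The following Linux cross-view check is an added example, not code from the original page; the views, the thread filtering and the two-round stabilisation are our own assumptions.

```python
#!/usr/bin/env python3
"""Cross-view hidden-process check for Linux (added example, not from the page).
Rootkits that filter the /proc listing hide a process from `ps`, but the PID still
answers a direct probe; reporting the disagreement is a classic detection heuristic."""
import os

def listed_pids() -> set[int]:
    """View 1: PIDs visible by enumerating /proc (the view `ps` relies on)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def probed_pids(max_pid: int) -> set[int]:
    """View 2: PIDs that exist according to kill(pid, 0), which sends no signal."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # no such process
        except PermissionError:
            pass              # exists but owned by another user: still counts
        found.add(pid)
    return found

def parse_tgid(status_text: str) -> int:
    """Extract the thread-group id from a /proc/<pid>/status body (-1 if absent)."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return -1

def is_thread_leader(pid: int) -> bool:
    """kill(tid, 0) also succeeds for thread ids; keep only real process leaders."""
    try:
        with open(f"/proc/{pid}/status") as f:
            return parse_tgid(f.read()) == pid
    except OSError:
        return True           # status unreadable: treat as suspicious, keep it

def hidden_pids(listed: set[int], probed: set[int], leaders) -> list[int]:
    """PIDs that answer a probe but are absent from the listing, threads excluded."""
    return sorted(p for p in probed - listed if leaders(p))

def scan(rounds: int = 2, max_pid: int = 32768) -> list[int]:
    """Only report a PID hidden in every round, to suppress process-exit races.
    max_pid assumes the default pid_max; read /proc/sys/kernel/pid_max on real hosts."""
    stable = None
    for _ in range(rounds):
        found = set(hidden_pids(listed_pids(), probed_pids(max_pid), is_thread_leader))
        stable = found if stable is None else stable & found
    return sorted(stable)
```

On a live host, `scan()` returns the PIDs that a process listing omits; an empty list means the two views agree, which does not rule out a kernel-level rootkit that hooks both paths.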
Spyware
Malware specifically designed to collect information about the user or organization without their knowledge or consent. The functions of a given spyware sample vary and can be very sophisticated, but the most common ones include keylogging, tracking internet browsing, collecting search history, accessing personal files, monitoring email messages and even recording the victim's webcam or microphone.
Spyware is often distributed through untrustworthy software downloads or phishing emails with malicious links. Once installed it tries to operate covertly, avoiding detection so that it stays persistent and collects as much data as possible. Once the criminal has enough data on the victim, they can escalate the attack to blackmail, stealing money with the stolen credentials, taking full control of the system, impersonating the victim, and so on.