Backdoors and Remote Access Trojans


A backdoor is a mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

Remote access trojan (RAT) is malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

  • once installed, the threat actor can access the host for further action
  • RAT can also stand for remote administration tool
    • a host under malicious control is called a zombie

A bot is an automated script or tool that performs some malicious activity.

A botnet is a group of hosts or devices that have been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.

  • can be used to:
    • trigger DDoS
    • launch spam
    • perform cryptomining

Command and control (C2 or C&C) is an infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

  • a compromised host must have a network connection to the C2 infrastructure
    • this connection is the best way to identify the presence of a RAT, backdoor, or bot
  • C2 can be implemented as a covert channel to evade detection and filtering
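Since the C2 connection is the indicator to look for, one defender-side check is to scan outbound flow logs for the regular "beaconing" pattern that a host under remote control typically shows. The example below is added here and is not from the original notes; the log lines, hosts and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log: "timestamp src dst dport bytes" (not real traffic).
# 203.0.113.10 is contacted roughly once a minute (beacon-like);
# 198.51.100.7 is contacted at irregular intervals (ordinary browsing).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.10 443 512
2024-05-01T10:00:03 10.0.0.5 198.51.100.7 443 20480
2024-05-01T10:01:00 10.0.0.5 203.0.113.10 443 508
2024-05-01T10:02:01 10.0.0.5 203.0.113.10 443 515
2024-05-01T10:02:41 10.0.0.5 198.51.100.7 443 1200
2024-05-01T10:03:00 10.0.0.5 203.0.113.10 443 510
2024-05-01T10:03:10 10.0.0.5 198.51.100.7 443 900
2024-05-01T10:04:00 10.0.0.5 203.0.113.10 443 509
2024-05-01T10:05:01 10.0.0.5 203.0.113.10 443 511
2024-05-01T10:07:15 10.0.0.5 198.51.100.7 443 65536
2024-05-01T10:07:20 10.0.0.5 198.51.100.7 443 300
"""


def parse_flows(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _size = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(flows, min_conns=5, max_cv=0.2):
    """Flag flows whose inter-connection gaps are suspiciously regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of
    the gaps; a low value means near-constant timing. Thresholds are
    assumptions chosen for this sample. Returns (key, mean_gap_s, cv) tuples.
    """
    hits = []
    for key, times in flows.items():
        if len(times) < min_conns:          # too few connections to judge
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((key, mean, round(cv, 3)))
    return hits


if __name__ == "__main__":
    for key, mean, cv in find_beacons(parse_flows(SAMPLE_LOG)):
        print(f"possible beacon {key}: every {mean:.1f}s (cv={cv})")
```

Real implants add jitter and use longer intervals, so in practice the thresholds and the minimum connection count are tuned against a baseline of known-good traffic.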

Internet Relay Chat (IRC) is a group communications protocol that enables users to chat, send private messages, and share files.