Backdoors explained

Article:TECH91216  |  Created: 2008-01-03  |  Updated: 2011-06-07  |  Article URL http://www.symantec.com/docs/TECH91216
Article Type
Technical Solution


Issue



What are the ramifications of having been infected with malware with a backdoor component?

 


Cause



Your antivirus solution has detected malicious code infecting your computer. Upon reading the writeup for the threat, you see that it contains backdoor capabilities.


Solution



Backdoors are a particular method for malicious code to affect your computer. Malware with backdoors can permit unauthorized users to perform actions on your system that you may not wish. In short, if your computer has hosted malware with a backdoor component, the computer's security integrity has been compromised as there is no means for confirming if the backdoor has been actively used but the potential is present.

Removing the malware from your system is an excellent first step and is only a short-term means for addressing the situation. Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system.

Some effects possible using a backdoor include:
 

  • new users/groups added
  • additional programs loaded
  • new shares established
  • permissions altered/increased
  • data altered
  • core operating system functions could be altered


There are only a few ways to return a compromised system to a confident security configuration. These include:
 

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Installing a new version of the operating system over the compromised operating is not a good solution as files may have been altered that could affect the new system. Even copying business critical information from a compromised system is a risk as that data may have been altered in some manner by use of the backdoor.



 



Legacy ID



2008120313315548


Article URL http://www.symantec.com/docs/TECH91216


Terms of use for this information are found in Legal Notices