|
Hidden
BackDoor Programs
When
Hacker Eliminator detects a program that is an Internet
server, you should pay close attention. Programs may
be detected as Internet servers because they have some kind
of function for online registration, network functions or
a command in the program that sends an email or some other
online operation. Be sure that you trust the program and
the vendor before using such programs. If you ever decide
to use such a program, watch for open listening ports and
connections coming from other computers while you are using
the program. We recommend that you configure your
connection monitor for sound so that you are aware of any
connections being made while running a program that is detected
as an Internet server and that you may be unsure of.
These
Hidden Trusted Servers Are Not Detected By Other Firewalls
With
other Internet firewalls when you trust an Internet server,
hackers can make connections to the trusted server and the
firewall would ignore those connections and never alert
you to them. Be aware that the programmer of any of
your trusted programs could have put a backdoor into the
program that will allow connections to your computer and
allow access your files without your knowledge.
NetSnooper
GOLD Version 1.60 Exposed
There
are many such backdoor programs already in existance, we
stress that you watch all of your programs with the connection
monitor that comes with Hacker Eliminator to be sure that
connections are not being made, or that data is not being
sent over the Internet when questionable programs are in
use. An example of one such program that we have found is
called Netsnooper Gold. If you do a search on the
net you will find this program well in use. It will be found
on download sites described as:
NetSnooper
GOLD
- A port scanner and listener, network monitoring tool
and more...
The
program shown above is called Netsnooper Gold v1.6 and is
used to scan for default trojan ports and find infected
machines. A great program for this type of trojan
attack because it is opening many ports. Once the
program is started, it will start opening ports and making
connections to computers. If someone tries to keep
up with the many connections that it was making and ports
that it was opening, it would be almost impossible to keep
track of them all.
The
person that programmed this port scanner had this in mind
when he put a timer on his listening port. After about a
minute of the program being open will open port 6701 and
listen on it for any connections to be made. Anyone that
starts the program and starts to use it would easily miss
this port being opened. After the port is opened the
Netsnooper Gold program will send out two ICQ notify messages
that contain ICQ password and UIN information including
the local IP address of the person using the Netsnooper
program. The author now has all of the information
needed to connect to your machine and start uploading or
downloading files.
The
Secret Window.
If
you put the right password in New Pass: and then right click
your mouse on the devil head, a secret window will open
as shown below.
If
you were running the Netsnooper Gold program, the hacker
can now connect to your computer by typing in your IP address
and clicking on the "Connect" button. Once
he is connected he can upload trojans, delete, move, rename,
download or execute program files. If you are using a firewall
program none of these connections will be reported because
you have trusted the program.
Hacker
Eliminator will show the connections being made in the Connection
Window.
|