|
Hidden
BackDoor Programs
When
LockDown Millennium detects a program that is an Internet
server, you should pay close attention. Programs may
be detected as Internet servers because they have some kind
of function for online registration, network functions or
a command in the program that sends an email or some other
online operation. Be sure that you trust the program and
the vendor before using such programs. If you ever decide
to use such a program, watch for open listening ports and
connections coming from other computers while you are using
the program. We recommend that you configure your
connection monitor for sound so that you are aware of any
connections being made while running a program that is detected
as an Internet server and that you may be unsure of.
These
Hidden Trusted Servers Are Not Detected By Other Firewalls
With
other Internet firewalls when you trust an Internet server,
hackers can make connections to the trusted server and the
firewall would ignore those connections and never alert
you to them. Be aware that the programmer of any of
your trusted programs could have put a backdoor into the
program that will allow connections to your computer and
allow access your files without your knowledge.
NetSnooper
GOLD Version 1.60 Exposed
There
are many such backdoor programs already in existance, we
stress that you watch all of your programs with the connection
monitor to be sure that connections are not being made,
or that data is not being sent over the Internet when questionable
programs are in use. An example of one such program that
we have found is called Netsnooper Gold. If you do
a search on the net you will find this program well in use.
It will be found on download sites described as:
NetSnooper
GOLD
- A port scanner and listener, network monitoring tool
and more...
The
program shown above is called Netsnooper Gold v1.6 and is
used to scan for default trojan ports and find infected
machines. A great type of program for this type of
trojan attack because it is opening many ports. Once
the program is started, it will start opening ports and
making connections to computers. If someone tries
to keep up with the many connections that it was making
and ports that it was opening, it would be almost impossible
to keep track of them all.
The
person that programmed this port scanner had this in mind
when he put a timer on his listening port. After about a
minute of the program being open will open port 6701 and
listen on it for any connections to be made. Anyone that
starts the program and starts to use it would easily miss
this port being opened. After the port is opened the
Netsnooper Gold program will send out two ICQ notify messages
that contain ICQ password and UIN information including
the local IP address of the person using the Netsnooper
program. The author now has all of the information
needed to connect to your machine and start uploading or
downloading files.
The
Secret Window.
If
you put the right password in New Pass: and then right click
your mouse on the devil head, a secret window will open
as shown below.
If
you were running the Netsnooper Gold program, the hacker
can now connect to your computer by typing in your IP address
and clicking on the "Connect" button. Once
he is connected he can upload trojans, delete, move, rename,
download or execute program files. If you are using the
average firewall program none of these connections will
be reported because you have trusted the program.
LockDown
Millennium will show the connections being made in the Connection
Monitor.
Help
To Get This Information Out
You
can help by informing your friends and to have this link
and the others listed on this page added to as many web
pages as possible. There are to many people being fooled
into trusting security programs that claim to provide the
protection needed, while the entire time the hacker is still
in control of their computer. More
information about LockDown Millennium
|
