While backdoors can be used for legitimate activities by authorized administrators, they can also be used by attackers to gain control of a computer or device without the knowledge or consent of its user or administrator.
A typical backdoor consists of 2 components - the server program, which can be installed on multiple computers, and the client program that can be used to control one or all the servers.
Attackers can distribute copies of the server program to potential victims in numerous ways - for example, as part of the payload for a worm or trojan; as a disguised file attached to a spam email; as a file shared on peer-to-peer (P2P) networks, and so on.
Attackers typically rely on either social engineering or exploiting a vulnerability to install the backdoor on a computer. Once the server program is installed, it will open a network port and communicate with the client program. An attacker can then use the client to issue commands to the machine.
A backdoor is usually able to gain control of a system because it exploits undocumented processes or features in an operating system or installed program. Depending on how sophisticated a backdoor program is, it can perform actions such as:
- Sending and receiving files
- Getting system information
- Changing the system settings
- Taking screenshots
- Playing tricks like opening and closing the DVD drive
and so on.