A backdoor is a remote administration tool (RAT) that allows a user to access and control a computer, usually remotely over a network or the Internet.
While backdoors can be used for legitimate activities by authorized administrators, they can also be used by attackers to gain control of a computer or device without the knowledge or consent of its user or administrator.
Attackers can distribute a backdoor to potential victims in numerous ways - for example, as part of the payload for a worm or trojan; as a disguised file attached to a spam email; as a file shared on peer-to-peer (P2P) networks, and so on.
Attackers typically rely on either social engineering or exploiting a vulnerability to install the backdoor on a computer.
A backdoor is usually able to gain control of a system because it exploits undocumented processes or features in an operating system or installed program. Depending on how sophisticated a backdoor program is, it can perform actions such as:
- Sending and receiving files
- Browsing through the hard drives and network drives
- Getting system information
- Taking screenshots
- Changing the date/time and settings
- Playing tricks like opening and closing the DVD drive