DocumentCode :
626432
Title :
Vulnerability-Based Backdoors: Threats from Two-step Trojans
Author :
Kai Chen ; Yingjun Zhang ; Yifeng Lian
Author_Institution :
State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
fYear :
2013
fDate :
18-20 June 2013
Firstpage :
169
Lastpage :
177
Abstract :
Attackers like to install trojans in a target system to control it. However, it becomes more and more difficult to deceive a user into installing such trojans. One reason is that antivirus software uses more strict policies on the first run of unknown software. The other reason is that users also become more cautious. Some attackers try to find system vulnerabilities to evade the antivirus software and users. But it is not easy to find suitable vulnerabilities because they are usually patched in a short time. In this paper, we present a new type of threat called vulnerability-based backdoor (VBB). It is a two-step trojan. In the first step, attackers deceive users into installing an application. This application is transformed from the original one such as “Adobe PDF Reader” by only creating one or more vulnerabilities in it. It runs as a normal one without any malicious code. So it can escape the detection of antivirus software and users. In the second step, attackers can make use of the vulnerability and control the target system just as they use a pre-existing vulnerability. We present a method to automatically create a VBB in several minutes. In this process, no source code is needed. VBB is stable enough to reside in a system for a long time since it does not conflict with operating systems, antivirus software, other backdoors or even other VBBs. We also show how to prevent VBBs.
Keywords :
invasive software; VBB threat; antivirus software; malicious code; system vulnerability; two-step Trojan installation; vulnerability-based backdoor; Control systems; Educational institutions; Runtime; Software; Software metrics; Trojan horses; BackDoor; Social Engineering; Vulnerability;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Security and Reliability (SERE), 2013 IEEE 7th International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4799-0406-8
Type :
conf
DOI :
10.1109/SERE.2013.19
Filename :
6571707