
NaggingMachine

Easy way to set up a Local Backdoor

TechnoBabbler


naggingmachine 2009. 1. 28. 23:11

2009/01/04 - [TechnoBabbler] - A local backdoor that is simple to plant...

I read an article about setting up a local backdoor on the Security-China web portal. It is a smart method, although it isn't high technology. I will describe how to install a local backdoor in 1 minute and how to protect your computer.

Sometimes you can see the following dialog when you press keys on your keyboard randomly. It is StickyKeys, which is installed with Windows to help you customize your special keys. The StickyKeys dialog is displayed when you press the <SHIFT> key five times in a row.

 

sethc.exe

StickyKeys is the <SYSTEM32>\sethc.exe process. You can see the process in the following image of Windows Task Manager. It is a normal process; I mean it isn't harmful to your system. But the problem is that the process is executed by pressing the <SHIFT> key even when you are not logged in. So a hacker is able to install a backdoor under the name sethc.exe in the System32 directory, and then the hacker can do whatever he wants at any time by executing the backdoor. No log-on is required. More importantly, the process is executed with Administrator permission. I don't know the reason exactly.

 

sethc.exe in the Task Manager

So you should turn the keyboard shortcut off.

 

Disable StickyKeys shortcut

Press the <SHIFT> key 5 times in a row, and the StickyKeys dialog will be displayed. Click the [Settings] button and click [Settings] in the Key tab. Uncheck the [Use shortcut] check-box in the Settings for StickyKeys dialog. That's it. Close the dialog and press the <SHIFT> key 5 times again to make sure.
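
The following audit script is an added example, not part of the original post: it checks whether `sethc.exe` in System32 still looks like the Windows binary and reports whether the five-times-SHIFT shortcut is enabled. It assumes Windows PowerShell 5.1 or later on a Windows version where `Get-AuthenticodeSignature` also evaluates catalog signatures; the function names are hypothetical, and the `.DEFAULT` hive is read as well because the shortcut setting is stored per user.

```powershell
# Added example: audit the StickyKeys binary and the shortcut setting.
$SKF_HOTKEYACTIVE = 0x4   # bit in the StickyKeys "Flags" value that enables the 5x SHIFT shortcut

function Test-SethcBinary {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\sethc.exe'))
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Suspicious = $true }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # On recent Windows the version resource can come from the MUI file,
    # so "sethc.exe.mui" is accepted as well.
    $nameOk   = $info.OriginalFilename -match '^sethc\.exe(\.mui)?$'
    $signerOk = ($sig.Status -eq 'Valid') -and
                ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
    [pscustomobject]@{
        Path             = $Path
        Present          = $true
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        OriginalFilename = $info.OriginalFilename
        # Flag the file when it is unsigned, not Microsoft-signed, or renamed.
        Suspicious       = -not ($nameOk -and $signerOk)
    }
}

function Get-StickyKeysHotkeyState {
    $keys = [ordered]@{
        'Current user'          = 'Registry::HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys'
        'No user logged on (.DEFAULT)' = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Accessibility\StickyKeys'
    }
    foreach ($scope in $keys.Keys) {
        # Flags is stored as a decimal string, e.g. "510" (shortcut on) or "506" (off).
        $flags = (Get-ItemProperty -Path $keys[$scope] -Name Flags -ErrorAction SilentlyContinue).Flags
        $enabled = if ($null -eq $flags) { $null } else { [bool]([int]$flags -band $SKF_HOTKEYACTIVE) }
        [pscustomobject]@{ Scope = $scope; Flags = $flags; ShortcutEnabled = $enabled }
    }
}

Test-SethcBinary | Format-List
Get-StickyKeysHotkeyState | Format-Table -AutoSize
```

Record the SHA256 from a known-good machine at the same patch level and compare it over time; a `Suspicious` value of `True` means the file should be inspected.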