Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or he can keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.
Attackers who choose to remain undetected remove evidence of their entry and use a back door or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain super user access. Rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows’ systems, most Trojans install themselves as a service and run as a local system, which has administrative access.
Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system. They can maintain control over “their” system for a long time by “hardening” the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.
Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders. The latter though is not recommended unless the organization has the required security professional to leverage the concept for protection.