Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Rootkits
Similaire à Rootkits (20)
Dernier
Dernier (20)
Rootkits
- 1. Rootkits
- 2. What is a rootkit? a collection of tools used by hackers to gain administrative privileges on compromised machines used to help hide other forms of malware.
- 3. What does it do? allows someone, either legitimate or malicious, to maintain command and control over a computer system, without the computer system user knowing about it. owner of the rootkit can execute files and changing system configurations on the target machine. Can access log files or monitor activity to covertly spy on the user's computer usage. **There are legitimate uses for rootkits too.
- 4. How does it work? rootkits are just one component of what is called a blended threat. Blended threats typically consist of three snippets of code: 1. a dropper 2. loader 3. rootkit. The dropper is the code that gets the rootkit's installation started. Once initiated, the dropper launches the loader program and then deletes itself. the loader causes a buffer overflow, which loads the rootkit into memory.
- 5. How blend threat get to your computer? through social engineering exploiting known vulnerabilities even from brute forcing.
- 6. Types of rootkits User-mode rootkits run on a computer with administrative privileges. This allows to alter security and hide processes, files, system drivers, network ports, and even system services. These rootkits remain installed on the infected computer by copying required files to the computer's hard drive, automatically launching with every system boot. **These rootkits will be detected by the anti-malware software.
- 7. Kernel-mode rootkit Will place the rootkit on the same level as the operating system and rootkit detection software. OS can no longer be trusted. One kernel-mode rootkit that's getting lots of attention is the Da IOS rootkit **windows blue screen error might be caused by these rootkits. User-mode/kernel-mode hybrid rootkit A hybrid rootkit that combines user-mode characteristics (easy to use and stable) with kernel-mode characteristics (stealthy). The hybrid approach is very successful and the most popular rootkit currently.
- 8. Firmware rootkits Can hide in firmware when the computer is shut down. Restart the computer, and the rootkit reinstalls itself. The altered firmware could be anything from microprocessor code to PCI expansion card firmware. If a removal program remove these rootkits, the next time the computer starts, the firmware rootkit is there. Virtual rootkits They acts like a software implementation of hardware sets in a manner like that used by VMware. virtual rootkits are almost invisible. **The Blue Pill is one example of this type of rootkit.
- 9. How to detect it? There are various ways to scan memory or file system areas or look for hooks into the system from rootkits. By system monitoring. It’s hard to detect rootkits.