Rootkits

“Rootkits are not a virus; a rootkit is just a technology.”

Background of RootKit

Rootkits are not a new technology. Modern rootkits use the same methods as the viruses of the 1980s. The viruses of that era used floppy disks and BBSs (bulletin board systems) to spread infected programs. In the early 1990s a hacker would penetrate a system, but when Microsoft introduced Windows NT the memory model changed: user programs could no longer modify key system tables. During the 1990s many hackers figured out how to find and exploit buffer overflows, and thus the first rootkits were born. In some cases they replaced key system binaries with modified versions that could hide files and processes.

Function of RootKit?

Rootkits were first found ten years ago. A rootkit is a useful program that allows and helps an attacker to maintain access to a system as its most powerful user. A rootkit is a set of programs and code that allows a permanent or consistent, undetectable presence on a computer. Rootkits are designed to hide code and data on a system (e.g. many rootkits hide their own files and processes). Large corporations also use rootkits to monitor and enforce their computer-use regulations.

How Rootkit Attack ?

A rootkit locates and modifies software so that it makes incorrect decisions. There are many different ways in which rootkits attack a user's personal computer (PC):

Spyware: Rootkits can modify software programs for the purpose of infecting them with spyware.
Patching: Patching is like placing a patch of colour on a quilt (blanket). Byte patching is one of the major techniques used by “crackers” to remove software protections.
Back Door / Easter Egg: A back door is a modification built into a software program on the user's computer that is not part of the program's original design. It creates a hidden feature in the program that acts like a signature.
Source-Code Modification: A programmer can insert malicious lines of source code into a program. This threat has caused some military applications to avoid open-source packages.

How to Trace Rootkits ?

It is difficult to detect rootkits. There are no commercial products available that can find and remove all known and unknown rootkits. There are various ways to look for a rootkit on an infected machine. Detection methods include behavioural-based methods, signature scanning and memory dump analysis.
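Since the background section notes that early rootkits replaced key system binaries with modified versions, and the attack section names byte patching, one basic defender's check is to hash those binaries while the system is trusted and compare against that baseline later. The following is an added example, not code from the original post; the directory layout and file contents are constructed for the demonstration.

```python
# Added example (not from the original post): check "key system binaries" against a
# known-good SHA-256 baseline. Paths and file contents below are constructed.
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record relative path -> hash for every file under root while it is trusted."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root).replace(os.sep, "/")] = sha256_of(path)
    return baseline

def verify(root, baseline):
    """A replaced or byte-patched binary shows up as modified, a deleted one as
    missing, and a dropped-in file as unexpected."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed scenario: baseline three fake binaries, then 'replace' one and drop in one."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        for name, body in (("ls", b"ls v1"), ("ps", b"ps v1"), ("netstat", b"netstat v1")):
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(root)
        with open(os.path.join(bindir, "ps"), "wb") as f:  # simulate a trojaned ps
            f.write(b"ps v1 that hides processes")
        with open(os.path.join(bindir, "kmod.bin"), "wb") as f:  # simulate a dropped file
            f.write(b"new")
        return verify(root, baseline)
```

The baseline must be stored off the machine being checked, since a rootkit that can replace binaries can also rewrite a hash list kept on the same disk.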
