Download Rootkits - Clemson

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts
no text concepts found
Transcript 
By Tyler Scott




What is a Rootkit
What Rootkits do
The Types of Rootkits
How to remove Rootkits


Set of tools (software) that enable continued
privileged access to a computer
Hides its presence from administrators by
circumventing standard operating system
functionality or other applications


Modern rootkits do not elevate access they make
payload undetectable by adding stealth capabilities
Malicious side effects





Provide an attacker with a backdoor
Conceal other malware key loggers/computer viruses
Create zombie machines
Digital rights management (DRM/Sony).
Intended side effects




Conceal cheating in online games
Detect attacks
Anti-theft protection ex low jack software( BIOS-based rootkit)
Bypassing Microsoft Product Activation




User-Mode
Kernel-Mode
Bootkits
Hardware/Firmware



Limited access
Infects user level processes
Hooks or overwrites a running processes
memory to alter the way program acts


Full access to the machine
Infects
Kernel level processes
 Kernel code
 Drivers etc.


Alters the way your operating system as all
processes act







Infects the Master Boot Record (MBR).
Executed before the operating system boots.
Starts after the bios selects the boot device
Hard to detect
Files reside outside of the standard file
systems.
Persists through transition kernel mode
Runs in Normal Mode and Safe Mode.

Persistent malware images created in hardware








Network card
Hard drive
Bios
Hard to detect because firmware/hardware is not
normally scanned for infection
Examples
2008 Rootkits intercepted and transmitted credit card
information via mobile phone networks in Europe
2009 BIOS-level Windows rootkit was able to survive
disk replacement and operating system re-installation
Rootkits CompuTrace and LoJack preinstalled in the
BIOS of laptops. Are used to trace the location of stolen
laptops





Removal is generally very hard
Flashing the bios.
Format the hard drive
Installing a clean version of the OS
Combo fix/Kaspersky tdsskiller



http://searchmidmarketsecurity.techtarget.co
m/definition/rootkit
http://en.wikipedia.org/wiki/Rootkit#Hyper
visor_level
http://support.kaspersky.com/viruses/solutio
ns?qid=208280748
Related documents
ROOTKIT VIRUS
ROOTKIT VIRUS
Chapter 3
Chapter 3
Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor Timothy Fraser
Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor Timothy Fraser
Section for introduction % \section{Introduction} Over the last several
Section for introduction % \section{Introduction} Over the last several
TDL3 Rootkit Presentation
TDL3 Rootkit Presentation
Computer Software
Computer Software
Windows Rootkit Overview
Windows Rootkit Overview
Mebromi Rootkit
Mebromi Rootkit
Section for Related Work % \section{Related Work} Rootkit detection
Section for Related Work % \section{Related Work} Rootkit detection
Information Security Rootkits Dr. Randy M. Kaplan 2 Rootkits What is
Information Security Rootkits Dr. Randy M. Kaplan 2 Rootkits What is
Remote Domain Security Awareness Training
Remote Domain Security Awareness Training
advised
advised