
rootkits



Presentation Transcript


  1. rootkits By Tyler Scott

  2. Today's Topics
     • What is a Rootkit
     • What Rootkits do
     • The Types of Rootkits
     • How to remove Rootkits

  3. What is a Rootkit
     • Set of tools (software) that enable continued privileged access to a computer
     • Hides its presence from administrators by circumventing standard operating system functionality or other applications

  4. Rootkit Goals
     • Modern rootkits do not elevate access; they make the payload undetectable by adding stealth capabilities
     • Malicious side effects
        • Provide an attacker with a backdoor
        • Conceal other malware (key loggers/computer viruses)
        • Create zombie machines
        • Digital rights management (DRM/Sony)
     • Intended side effects
        • Conceal cheating in online games
        • Detect attacks
        • Anti-theft protection, e.g. LoJack software (BIOS-based rootkit)
        • Bypassing Microsoft Product Activation

  5. Rootkit Types
     • User-Mode
     • Kernel-Mode
     • Bootkits
     • Hardware/Firmware

  6. User-Mode
     • Limited access
     • Infects user-level processes
     • Hooks or overwrites a running process's memory to alter the way the program acts

  7. Kernel-Mode
     • Full access to the machine
     • Infects
        • Kernel-level processes
        • Kernel code
        • Drivers, etc.
     • Alters the way your operating system and all processes act

  8. Bootkits
     • Infects the Master Boot Record (MBR).
     • Executed before the operating system boots.
     • Starts after the BIOS selects the boot device
     • Hard to detect
        • Files reside outside of the standard file systems.
     • Persists through the transition to kernel mode
     • Runs in Normal Mode and Safe Mode.
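Because a bootkit lives in the MBR rather than in any file, a file-system scan never sees it; the defender's check is to read sector 0 of the disk and compare its bootstrap code against a baseline recorded when the machine was known to be clean. The following is an added example, not part of the presentation: a small MBR parser that validates the 0x55AA signature, decodes the four partition entries, hashes the 446-byte bootstrap area separately from the partition table (which may legitimately change when repartitioning), and reports when the boot code no longer matches the baseline. The 512-byte sample MBR and its boot code bytes are constructed for the demo and are not taken from any real disk or loader.

```python
import hashlib
import struct

# Classic MS-DOS style MBR layout
MBR_SIZE = 512
BOOT_CODE_SIZE = 446              # bytes 0..445: bootstrap code a bootkit overwrites
PARTITION_TABLE_OFFSET = 446      # four 16-byte partition entries follow the boot code
PARTITION_ENTRY_SIZE = 16
PARTITION_ENTRY_FMT = "<B3sB3sII" # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"

# Constructed placeholder bootstrap bytes for the demo; this is not a real boot loader.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 20


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a 512-byte sample MBR with one active partition (demo data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too long")
    boot = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    # One active (0x80) NTFS-type (0x07) partition starting at LBA 2048, 1,000,000 sectors long.
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    empty = b"\x00" * PARTITION_ENTRY_SIZE
    return boot + entry + empty * 3 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, hash the bootstrap code and decode the partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PARTITION_ENTRY_FMT, sector[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline_boot_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the recorded baseline."""
    findings = []
    info = parse_mbr(sector)
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("bootstrap code differs from the recorded baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has an invalid extent")
    return findings


def demo() -> tuple:
    """Record a baseline from a clean MBR, then check a copy whose boot code was overwritten."""
    clean = build_sample_mbr(SAMPLE_BOOT_CODE)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = bytearray(clean)
    # Simulate a bootkit-style change: boot code replaced, partition table and signature intact.
    tampered[0:8] = b"\xde\xad\xbe\xef\x00\x00\x00\x00"  # placeholder bytes, not real code
    return check_mbr(clean, baseline), check_mbr(bytes(tampered), baseline)


if __name__ == "__main__":
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings)        # []
    print("tampered:", tampered_findings)
```

To run this against a real machine, replace the constructed sector with the first 512 bytes read from the raw disk device (an administrator-only read of `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux) and keep the baseline hash somewhere the machine cannot alter. Take the reading from trusted boot media rather than from the installed OS: a bootkit that is already running in kernel mode can filter what a raw-disk read returns, which is exactly the stealth the slide describes.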

  9. Hardware & Firmware
     • Persistent malware images created in hardware
        • Network card
        • Hard drive
        • BIOS
     • Hard to detect because firmware/hardware is not normally scanned for infection
     • Examples
        • 2008: Rootkits intercepted and transmitted credit card information via mobile phone networks in Europe
        • 2009: A BIOS-level Windows rootkit was able to survive disk replacement and operating system re-installation
        • The CompuTrace and LoJack rootkits preinstalled in the BIOS of laptops are used to trace the location of stolen laptops

  10. Removal
     • Removal is generally very hard
     • Flashing the BIOS
     • Format the hard drive
     • Installing a clean version of the OS
     • ComboFix/Kaspersky TDSSKiller

  11. Bibliography
     • http://searchmidmarketsecurity.techtarget.com/definition/rootkit
     • http://en.wikipedia.org/wiki/Rootkit#Hypervisor_level
     • http://support.kaspersky.com/viruses/solutions?qid=208280748
