
ROOTKIT VIRUS by Himanshu Mishra


Presentation Transcript


  1. ROOTKIT VIRUS by Himanshu Mishra

  2. Points to be covered • Introduction • History • Uses • Classification • Installation and Cloaking • Detection • Removal

  3. INTRODUCTION • A set of software tools used by a third party, after gaining access to a computer system, to conceal the altering of files or the processes being executed by that third party, without the user's knowledge.

  4. INTRODUCTION Ctd… • The term rootkit is a concatenation of the ‘root’ user account in Unix operating systems and the word ‘kit’, which refers to the software components that implement the tool.

  5. HISTORY • The first documented computer virus to target the PC platform appeared in 1986 • The earliest known rootkit, for SunOS 4.1.1, appeared in 1990 • The first rootkit for the Windows NT operating system appeared in 1999

  6. USES • Provide an attacker with full access via a back door • Conceal other malware • Conceal cheating in online games from anti-cheat software • Appropriate the compromised machine as a zombie computer for attacks on other computers.

  7. USES Ctd… • Detect attacks • Enhance emulation software and security software • Anti-theft protection • Enforcement of DRM

  8. CLASSIFICATION • User-mode • Kernel-Mode • Boot loader level • Hypervisor level • Hardware/Firmware

  9. CLASSIFICATION Ctd… • User-mode : User-mode rootkits run in Ring 3, as ordinary user processes rather than low-level system processes. • Kernel-mode : Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding additional code to, or replacing portions of, the core operating system, including both the kernel and its associated device drivers.

  10. CLASSIFICATION Ctd… Computer security rings

  11. CLASSIFICATION Ctd… • Boot loader level (Bootkit): Bootkit is used predominantly to attack full disk encryption systems. • Hypervisor level: This type of rootkit runs in Ring -1 and hosts the target operating system as a virtual machine, thereby enabling the rootkit to intercept all hardware calls made by the original operating system.

  12. CLASSIFICATION Ctd… • Hardware/Firmware: A firmware rootkit uses device or platform firmware to create a persistent malware image in hardware.

  13. INSTALLATION AND CLOAKING • Rootkits employ a variety of techniques to gain control of a system • The most common is to leverage security vulnerabilities. • Another approach is to be delivered as a Trojan horse • The installation of rootkits is commercially driven, with a Pay-Per-Install (PPI) compensation method for distributors.

  14. DETECTION • Alternative trusted medium • Behavioural-based • Signature-based • Difference-based • Integrity checking • Memory dumps

  15. REMOVAL • Some experts believe that the only reliable way to remove them is to re-install the operating system from trusted media. • Microsoft's monthly Malicious Software Removal Tool is able to detect and remove some rootkits.

  16. Thank you. Reference: http://en.wikipedia.org/wiki/Rootkit
