
Rootkits

Rootkits. Mathieu Castets. October 17th, 2012.


Presentation Transcript


  1. October 17th, 2012 Rootkits Mathieu Castets

  2. Summary: What is a rootkit? • History • Uses • Types • Detection • Removal • References

  3. What is a rootkit? • Hackers have to gain root-level access to install a rootkit • Software that hides itself and allows intruders to maintain privileged access • Remotely runs commands or extracts information • « root »: the traditional name of the privileged account on UNIX • « kit »: the software components that implement the tool

  4. History: • In 1986, the first virus, called the « Brain virus », was discovered; it used cloaking techniques to hide itself • UNIX: in 1990, written by Lane Davis and Steven Dake • Windows NT: in 1999, NTRootkit • Mac OS X: in 2009

  5. History: the Sony BMG scandal • In 2005, Sony BMG published CDs with copy protection and DRM • The software silently installed a rootkit • To cloak itself, the rootkit hid from the user any file whose name starts with $sys$ • Software engineer Mark Russinovich discovered it on one of his computers • In 2006, Sony BMG released patches to uninstall the rootkit

  6. Uses: • Provide an attacker with full access • Hide other malware • Appropriate the compromised machine as a zombie computer • Enforcement of digital rights management (DRM) • Hide cheating in online games • Enhance emulation software and security software • Bypassing Windows Product Activation

  7. Types: two groups • Kernel mode/integration: patches the system; detection can be complicated; the most dangerous • Application level: replaces original executable files; modifies the behavior of applications

  8. Detection: • Alternative trusted medium: shut down the computer and check its storage by booting the system from an alternative trusted medium • Behavioral-based: analyzing system behavior such as application calls and CPU utilisation • The other detection methods we can use are: signature-based, difference-based, integrity checking, memory dump detection
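Integrity checking, as listed on the detection slide, means hashing known-good files while the system is trusted and later comparing the live files against that baseline; an application-level rootkit that replaces an executable (slide 7) shows up as a changed hash. The example below is added here and is not from the presentation; it uses a constructed temporary directory standing in for a bin directory, and the "trojaned ls" and "$sys$helper" file are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_baseline(baseline, root):
    """Return (modified, added, removed) paths relative to a trusted baseline.

    The baseline must be stored off the host (e.g. on the alternative trusted
    medium), otherwise a rootkit could rewrite it along with the binaries.
    """
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed


def demo():
    """Constructed scenario: an application-level rootkit swaps 'ls' for a
    version that filters $sys$ files from listings and drops a helper file."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp) / "bin"
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"#!/bin/sh\n/bin/ls \"$@\"\n")
        (bindir / "ps").write_bytes(b"#!/bin/sh\n/bin/ps \"$@\"\n")
        baseline = build_baseline(bindir)  # taken while the system is still trusted
        # simulated compromise (constructed): replace ls, add a hidden helper
        (bindir / "ls").write_bytes(b"#!/bin/sh\n/bin/ls \"$@\" | grep -v '\\$sys\\$'\n")
        (bindir / "$sys$helper").write_bytes(b"constructed sample payload")
        return compare_baseline(baseline, bindir)
```

A kernel-mode rootkit can lie to the file reads themselves, which is why the slide pairs this check with booting from an alternative trusted medium.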

  9. Removal: • Manual removal of a rootkit is often too difficult for a typical computer user • In 2005, Microsoft's monthly Malicious Software Removal Tool was able to detect and remove some classes of rootkits • However, the best way to remove all rootkits is to re-install the operating system

  10. References: • About.com, http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm • Rootkitonline.com, http://www.rootkitonline.com/types-of-rootkits.html • Informit.com, http://www.informit.com/articles/article.aspx?p=23463

  11. Questions?
