rootkits - PowerPoint PPT Presentation
Presentation Transcript

  1. rootkits By Tyler Scott

  2. Today's Topics
  • What is a Rootkit
  • What Rootkits do
  • The Types of Rootkits
  • How to remove Rootkits

  3. What is a Rootkit
  • Set of tools (software) that enable continued privileged access to a computer
  • Hides its presence from administrators by circumventing standard operating system functionality or other applications

  4. Rootkit Goals
  • Modern rootkits do not elevate access; they make a payload undetectable by adding stealth capabilities
  • Malicious side effects
    • Provide an attacker with a backdoor
    • Conceal other malware (key loggers, computer viruses)
    • Create zombie machines
    • Digital rights management (DRM, e.g. Sony)
  • Intended side effects
    • Conceal cheating in online games
    • Detect attacks
    • Anti-theft protection, e.g. LoJack software (BIOS-based rootkit)
    • Bypassing Microsoft Product Activation

  5. Rootkit Types
  • User-Mode
  • Kernel-Mode
  • Bootkits
  • Hardware/Firmware

  6. User-Mode
  • Limited access
  • Infects user-level processes
  • Hooks or overwrites a running process's memory to alter the way the program acts

  7. Kernel-Mode
  • Full access to the machine
  • Infects
    • Kernel-level processes
    • Kernel code
    • Drivers, etc.
  • Alters the way your operating system and all of its processes act

  8. Bootkits
  • Infects the Master Boot Record (MBR)
  • Executed before the operating system boots
  • Starts after the BIOS selects the boot device
  • Hard to detect
    • Files reside outside of the standard file systems
    • Persists through the transition to kernel mode
    • Runs in Normal Mode and Safe Mode
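Because a bootkit lives in the MBR rather than in any file system, one practical check is to compare the disk's first sector against a copy recorded when the machine was known good. The following is an added example in Python, not part of the original presentation: it parses a 512-byte MBR, hashes the 440-byte bootstrap region and reports deviations from a baseline hash. The sample sectors and the baseline are constructed inline; on a real system the sector would be read from the raw disk device.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code occupies bytes 0..439 of the MBR
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the trusted baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR (not read from a real disk) with one bootable NTFS-type partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + entry + b"\x00" * 48
    return sector + BOOT_SIGNATURE


# Constructed data: a "clean" MBR recorded while the machine was known good ...
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")  # constructed bootstrap bytes
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# ... and one whose bootstrap code was replaced while the partition table stayed intact.
MODIFIED_MBR = build_sample_mbr(b"\xeb\xfe")
```

Reading the live sector (for example from `\\.\PhysicalDrive0` or `/dev/sda`) requires administrative rights, and a kernel-mode rootkit can lie to such a read, so the comparison is most trustworthy when the disk is imaged from a clean boot medium.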

  9. Hardware & Firmware
  • Persistent malware images created in hardware
    • Network card
    • Hard drive
    • BIOS
  • Hard to detect because firmware/hardware is not normally scanned for infection
  • Examples
    • 2008: rootkits intercepted and transmitted credit card information via mobile phone networks in Europe
    • 2009: a BIOS-level Windows rootkit was able to survive disk replacement and operating system re-installation
    • The rootkits CompuTrace and LoJack, preinstalled in the BIOS of laptops, are used to trace the location of stolen laptops

  10. Removal
  • Removal is generally very hard
  • Flashing the BIOS
  • Format the hard drive
  • Installing a clean version of the OS
  • ComboFix / Kaspersky TDSSKiller

  11. Bibliography
  • http://searchmidmarketsecurity.techtarget.com/definition/rootkit
  • http://en.wikipedia.org/wiki/Rootkit#Hypervisor_level
  • http://support.kaspersky.com/viruses/solutions?qid=208280748