Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
rootkits By Tyler Scott
Todays Topics • What is a Rootkit • What Rootkits do • The Types of Rootkits • How to remove Rootkits
What is a Rootkit • Set of tools (software) that enable continued privileged access to a computer • Hides its presence from administrators by circumventing standard operating system functionality or other applications
Rootkit Goals • Modern rootkits do not elevate access they make payload undetectable by adding stealth capabilities • Malicious side effects • Provide an attacker with a backdoor • Conceal other malware key loggers/computer viruses • Create zombie machines • Digital rights management (DRM/Sony). • Intended side effects • Conceal cheating in online games • Detect attacks • Anti-theft protection ex low jack software( BIOS-based rootkit) • Bypassing Microsoft Product Activation
Rootkit Types • User-Mode • Kernel-Mode • Bootkits • Hardware/Firmware
User-Mode • Limited access • Infects user level processes • Hooks or overwrites a running processes memory to alter the way program acts
Kernel-Mode • Full access to the machine • Infects • Kernel level processes • Kernel code • Drivers etc. • Alters the way your operating system as all processes act
Bootkits • Infects the Master Boot Record (MBR). • Executed before the operating system boots. • Starts after the bios selects the boot device • Hard to detect • Files reside outside of the standard file systems. • Persists through transition kernel mode • Runs in Normal Mode and Safe Mode.
Hardware & Firmware • Persistent malware images created in hardware • Network card • Hard drive • Bios • Hard to detect because firmware/hardware is not normally scanned for infection • Examples • 2008 Rootkits intercepted and transmitted credit card information via mobile phone networks in Europe • 2009 BIOS-level Windows rootkit was able to survive disk replacement and operating system re-installation • Rootkits CompuTrace and LoJackpreinstalled in the BIOS of laptops. Are used to trace the location of stolen laptops
Removal • Removal is generally very hard • Flashing the bios. • Format the hard drive • Installing a clean version of the OS • Combo fix/Kaspersky tdsskiller
Bibliography • http://searchmidmarketsecurity.techtarget.com/definition/rootkit • http://en.wikipedia.org/wiki/Rootkit#Hypervisor_level • http://support.kaspersky.com/viruses/solutions?qid=208280748