Book: Rootkits Essay

Submitted By kate9708
Words: 1884
Pages: 8
Open Document
10+ things you should know about rootkits
By Michael Kassner

Version 1.0 September 17, 2008

Rootkits are complex and ever changing, which makes it difficult to understand exactly what you're dealing with. Even so, I’d like to take a stab at explaining them, so that you'll have a fighting chance if you're confronted with one.

1

What is a rootkit?

Breaking the term rootkit into the two component words, root and kit, is a useful way to define it. Root is a UNIX/Linux term that’s the equivalent of Administrator in Windows. The word kit denotes programs that allow someone to obtain root/admin-level access to the computer by executing the programs in the kit -- all of which is done without end-user consent or knowledge.

2

Why use a rootkit?

Rootkits have two primary functions: remote command/control (back door) and software eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a computer. This means executing files, accessing logs, monitoring user activity, and even changing the computer’s configuration. Therefore, in the strictest sense, even versions of VNC are rootkits. This surprises most people, as they consider rootkits to be solely malware, but in of themselves they aren’t malicious at all. One famous (or infamous, depending on your viewpoint) example of rootkit use was Sony BMG’s attempt to prevent copyright violations. Sony BMG didn't tell anyone that it placed DRM software on home computers when certain CDs were played. On a scary note, the rootkit hiding technique Sony used was so good not one antivirus or anti-spyware application detected it.

3

How do rootkits propagate?

Rootkits can't propagate by themselves, and that fact has precipitated a great deal of confusion. In reality, rootkits are just one component of what is called a blended threat. Blended threats typically consist of three snippets of code: a dropper, loader, and rootkit. The dropper is the code that gets the rootkit’s installation started. Activating the dropper program usually entails human intervention, such as clicking on a malicious e-mail link. Once initiated, the dropper launches the loader program and then deletes itself. Once active, the loader typically causes a buffer overflow, which loads the rootkit into memory. Blended threat malware gets its foot in the door through social engineering, exploiting known vulnerabilities, or even brute force. Here are two examples of some current and successful exploits: IM. One approach requires computers with IM installed (not that much of a stretch). If the appropriate blended threat gains a foothold on just one computer using IM, it takes over the IM client, sending out messages containing malicious links to everyone on the contact list. When the recipient clicks on the link (social engineering, as it’s from a friend), that computer becomes infected and has a rootkit on it as well. Rich content. The newest approach is to insert the blended threat malware into rich-content files, such as PDF documents. Just opening a malicious PDF file will execute the dropper code, and it’s all over.

Page 1
Copyright © 2008 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

10+ things you should know about rootkits

4

User-mode rootkits

There are several types of rootkits, but we'll start with the simplest one. User-mode rootkits run on a computer with administrative privileges. This allows user-mode rootkits to alter security and hide processes, files, system drivers, network ports, and even system services. User-mode rootkits remain installed on the infected computer by copying required files to the computer’s hard drive, automatically launching with every system boot. Sadly, user-mode rootkits are the only type that antivirus or anti-spyware applications
Show More

Related Documents: Book: Rootkits Essay

CCC Vocabulary Essay

Computer literacy , also known as digital literacy , involves having a current knowledge and under standing of computers and their uses. Computer is an electronic device, operating under the control of instructions stored in its own memory, that can accept data, process the data according to specified rules, produce results, and store the results for future use. Data is a collection of unprocessed items, which can include text, numbers, images, audio, and video. THE INPUT enter data into computer…

Words 2988 - Pages 12

Hacker: Computer Virus and Information Essay

viruses, Trojan Horses, and even script worms that embed themselves into the system emails, games, graphics and communication. This is getting to be all too common in this digital world in which we all live in. (Figure 2) Jon Zonderman, author of the book “Beyond the Crime Lab, The New Science of Investigation” wrote: “One of the hottest new pieces of office automation equipment is the facsimile machine, commonly known as a FAX. Because of its speed- a page of text can be sent in four to six seconds…

Words 1156 - Pages 5