Difference between revisions of "Rootkit"

From WOT Wiki
m (Revert major vandalism)
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
A Rootkit is a software system that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a Rootkit does not grant a user administrator privileges, as it requires prior access to execute and tamper with system files and processes. An attacker may use a Rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the Rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a Rootkit is intended to seize control of the operating system. Typically, Rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scan. Often, they are [[Trojan Horse|Trojans]] as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "[[Backdoor|back door]]" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of the changes to the actual accounts on the system.
+
Rootkits are software systems that consists of program/s designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a Rootkit does ''not'' grant a user administrator privileges, requiring prior access to execute and tamper with system files and processes. An attacker may use a Rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the Rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a Rootkit is intended to seize control of the [http://en.wikipedia.org/wiki/Operating_system OS]. Typically, Rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scan. Often, they are [[Trojan Horse|Trojans]] as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "[[Backdoor]]" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of the changes to the actual accounts on the system.
  
 
Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years have been largely malware to help intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.
 
Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years have been largely malware to help intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.
  
For more detailed information, please refer to the Wikipedia main entry for: [http://en.wikipedia.org/wiki/Rootkit Rootkit]
+
For more detailed information, please refer to the Wikipedia main entry for [http://en.wikipedia.org/wiki/Rootkit rootkits.]
  
 
==Removal/detection software==
 
==Removal/detection software==
 
===Windows===
 
===Windows===
 
*F-Secure BlackLight
 
*F-Secure BlackLight
*RookitRevealer
+
*Kaspersky TDSSKiller
 +
 
 
===Linux===
 
===Linux===
 
*rkhunter
 
*rkhunter
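Review bot: the replacement opening sentence "Rootkits are software systems that consists of program/s designed to hide or obscure..." has a subject-verb agreement error and an awkward "program/s"; suggest "Rootkits are software systems that consist of one or more programs designed to hide or obscure...". In the same hunk, the old "*RookitRevealer" entry under Windows was dropped rather than corrected; if it was removed only because of the misspelling, restoring it as "RootkitRevealer" would keep the list complete, and the extra " +" (an added empty line) after "*Kaspersky TDSSKiller" looks unintentional.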

Latest revision as of 15:32, 12 April 2015

Rootkits are software systems that consist of one or more programs designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a Rootkit does not grant a user administrator privileges; it requires prior access in order to execute and to tamper with system files and processes. An attacker may use a Rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the Rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a Rootkit is intended to seize control of the OS. Typically, Rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scanning and surveillance mechanisms, such as anti-virus or anti-spyware scans. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "Backdoor" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system regardless of changes to the actual accounts on the system.

Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years they have largely been malware that helps intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.

For more detailed information, please refer to the Wikipedia main entry for rootkits: http://en.wikipedia.org/wiki/Rootkit

Removal/detection software

Windows

  • F-Secure BlackLight
  • Kaspersky TDSSKiller

Linux

  • rkhunter
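The article describes rootkits replacing vital executables such as /bin/login, and the tools listed above detect this kind of tampering in part by comparing system binaries against known-good file properties. The following is an added example, not code from the WOT Wiki or from any of the listed tools: a minimal baseline integrity checker that records the SHA-256 hash, size and permission bits of chosen files and later reports which of them changed or disappeared. The target paths in DEFAULT_TARGETS and the helper names are the example's own choices; the demo runs entirely on constructed stand-in files in a temporary directory rather than on real system binaries.

```python
"""Added example (not part of the WOT Wiki page): a file-integrity baseline check
of the kind rkhunter-style tools perform against executables such as /bin/login."""
import hashlib
import json
import os
import shutil
import tempfile
from typing import Dict, List

# Paths such a check would cover on a real host (example choice, not from the page);
# the demo below uses constructed stand-ins in a temp directory instead.
DEFAULT_TARGETS = ["/bin/login", "/bin/ls", "/bin/ps", "/usr/bin/netstat"]


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_entry(path: str) -> dict:
    """Record the attributes compared later: content hash, size and permission bits."""
    st = os.stat(path)
    return {"sha256": sha256_file(path), "size": st.st_size, "mode": oct(st.st_mode & 0o7777)}


def build_baseline(paths: List[str]) -> Dict[str, dict]:
    """Snapshot known-good files. Take this from a clean install, not a suspect host."""
    return {p: file_entry(p) for p in paths}


def save_baseline(baseline: Dict[str, dict], path: str) -> None:
    """Persist the baseline; in practice store it off-host or on read-only media."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path: str) -> Dict[str, dict]:
    with open(path) as f:
        return json.load(f)


def diff_entry(expected: dict, actual: dict) -> List[str]:
    """Pure comparison of two entries; returns the attributes that differ, in a fixed order."""
    issues = []
    if actual["sha256"] != expected["sha256"]:
        issues.append("content changed")
    if actual["size"] != expected["size"]:
        issues.append("size changed")
    if actual["mode"] != expected["mode"]:
        issues.append("mode changed")
    return issues


def check_baseline(baseline: Dict[str, dict]) -> Dict[str, List[str]]:
    """Compare live files with the baseline; only files with findings are returned."""
    findings: Dict[str, List[str]] = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        issues = diff_entry(expected, file_entry(path))
        if issues:
            findings[path] = issues
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: two stand-in 'binaries' in a temp dir, one later rewritten
    with different bytes of the same length, one deleted. Returns findings by file name."""
    workdir = tempfile.mkdtemp(prefix="baseline-demo-")
    login = os.path.join(workdir, "login")  # stand-in for /bin/login
    ls = os.path.join(workdir, "ls")        # stand-in for /bin/ls
    for p in (login, ls):
        with open(p, "wb") as f:
            f.write(b"#!/bin/sh\n# constructed stand-in binary\nexec /bin/true\n")
        os.chmod(p, 0o755)

    baseline_file = os.path.join(workdir, "baseline.json")
    save_baseline(build_baseline([login, ls]), baseline_file)

    # Simulate the article's "replaced executable" case: same size, different content,
    # so a size-only check would miss it but the hash comparison does not.
    with open(login, "r+b") as f:
        data = f.read()
        f.seek(0)
        f.write(data.replace(b"/bin/true", b"/bin/xxxx"))
    os.remove(ls)  # and a baseline file that simply disappeared

    findings = check_baseline(load_baseline(baseline_file))
    shutil.rmtree(workdir, ignore_errors=True)
    return {os.path.basename(p): v for p, v in findings.items()}
    # demo() returns {"login": ["content changed"], "ls": ["missing"]}


if __name__ == "__main__":
    for name, issues in demo().items():
        print(f"{name}: {', '.join(issues)}")
```

Two caveats matter in practice. The baseline must come from a system known to be clean and be kept where the host cannot rewrite it, otherwise a rootkit that arrived before the snapshot is simply baselined in. And because the article's point is that rootkits subvert the operating system's own scanning mechanisms, a kernel-resident rootkit can hook the file reads this script relies on and hand back the original bytes; that is why such checks are more trustworthy when run from trusted external media or compared against package-manager manifests rather than only from the suspect system itself.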