ROOTKIT -MALWARE

Presentation Transcript


  1. ROOTKIT - MALWARE
     Vijay Krishnan, Avinesh Dupat

  2. ROOTKIT
     • A collection of tools (programs) that enable administrator-level access to a computer or computer network.
     • The main purpose of a rootkit is to make unauthorized modifications to the software on your PC.

  3. What is it used for?
     • Providing an attacker full access via backdoor techniques.
     • Concealing other malware.
     • Appropriating the compromised machine as a zombie computer for attacks on other computers.
     • Non-hostile rootkits: anti-theft protection, enforcement of DRM, enhancing emulation software and security software.

  4. Rootkit Attack
     • The attacker identifies an existing vulnerability in a target system.
     • After gaining access to the vulnerable system, the attacker can install a rootkit manually.
     • The rootkit can then covertly steal user passwords, credit card information or computing resources, or conduct other unauthorized activities without the administrator's knowledge.

  5. MODUS OPERANDI
     • Spyware: modifying software programs for the purpose of infecting them with spyware.
     • Backdoor: a modification built into a software program on your computer that is not part of the program's original design.
     • Byte patching: bytes are constructed in a specific order, which a rootkit can modify.
     • Source code modification: modifying the code of the PC's software right at the source.

  6. Types of Rootkits
     • User mode: runs on a computer using administrator privileges.
     • Kernel mode: installed at the same level as the PC's operating system.
     • Firmware: creates malcode inside the firmware while your computer is shut down.

  7. Defensive Measures
     • Proactive
       • Preventing the rootkit from being installed
       • Preventing compromise in the first place
     • Reactive
       • Detecting the rootkit after it has been installed
       • Removing the rootkit

  8. Rootkit Prevention
     • The first step in preventing rootkits is to run in a less privileged user mode.
     • Use the sc command in Windows XP; this locks down the Windows Service database.
     • Use a HIPS (Host-based Intrusion Prevention System) tool like AntiHook.
     • Use a tool like Sandboxie, which creates a sandbox-like environment within which any program can be run.

  9. Rootkit Prevention
     • Cover all the infection vectors.
     • Refrain from engaging in dangerous activities when logged in as administrator.
     • Don't read email, browse the Web, or work with documents while logged on at servers interactively or through Windows Terminal Services.
     • Disable unneeded features and services.
     • Have the latest antivirus software.

  10. Rootkit Detection
     • Very difficult, because a rootkit's goal is to hide.
     • Antivirus products have various levels of success in detecting rootkits.
     • Enumerate your system's contents after booting from a known-good operating system.
     • Use a packet sniffer, such as WinDump, or a network firewall.

  11. Types of Rootkit Detection
     • Alternative trusted medium
     • Behavioral-based
     • Signature-based
     • Difference-based
     • Integrity checking
     • Memory dumps

  12. Rootkit Removal
     • Rootkit detection tools -> detect rootkits, e.g. RootkitRevealer
     • Rootkit removal tools -> eliminate rootkits from the user's system, e.g. IceSword

  13. Removal
     • Rebuilding the system is the BEST solution!
     • Clean the infection
     • Disable the rootkit
     • Boot from a clean CD and remove the rootkit's resources

  14. References
     • http://www.spamlaws.com/how-rootkits-work.html
     • www.en.wikipedia.org
     • http://swatrant.blogspot.com/2006/02/rootkit-detection-removal-and.html
     • http://www.dba-oracle.com/forensics/t_forensics_network_attack.htm
     • http://technet.microsoft.com/en-us/library/cc512642.aspx
     • http://www.windowsitpro.com/article/antivirus/defending-against-rootkits.aspx

  15. THANK YOU!