Rootkit Definitions



  1. Rootkit Definition: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.
  2. Rootkit Definition: A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.
  3. Rootkit Definition: The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.
  4. Rootkit Definition: Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Mark Russinovich of Sysinternals discovered that he had a rootkit on his own computer that had been installed as part of the digital rights management (DRM) component on a Sony audio CD.
  5. Rootkit Definition: Experts worry that the practice may be more widespread than the public suspects and that attackers could exploit existing rootkits. "This creates opportunities for virus writers," said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. "These rootkits can be exploited by any malware, and when it's used this way, it's harder for firms like ours to distinguish the malicious from the legitimate."
  6. Rootkit Definition: A number of vendors, including Microsoft, F-Secure, and Sysinternals, offer applications that can detect the presence of rootkits. If a rootkit is detected, however, the only sure way to get rid of it is to completely erase the computer's hard drive and reinstall the operating system.
  7. Rootkit – Crackers use them: A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
  8. Rootkit – Crackers use them: The term "cracker" is not to be confused with "hacker". Hackers generally deplore cracking. However, as Eric Raymond, compiler of The New Hacker's Dictionary, notes, some journalists ascribe break-ins to "hackers."
  9. Rootkit – Hackers use them: Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems."
  10. Rootkit – Hackers use them: Five possible characteristics that qualify one as a hacker, which we paraphrase here:
      • A person who enjoys learning details of a programming language or system
      • A person who enjoys actually doing the programming rather than just theorizing about it
  11. Rootkit – Hackers use them (continued):
      • A person capable of appreciating someone else's hacking
      • A person who picks up programming quickly
      • A person who is an expert at a particular programming language or system, as in "Unix hacker"
  12. Rootkit – Hackers use them (continued): The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system. For more on this usage, see cracker.
  13. Rootkit – Hackers and Crackers: The discussion so far would indicate that these two terms describe someone with illegal activities in mind. However, there are legitimate reasons to hack or crack into a computer. The following are some possible legal uses for hacking a system or cracking a password:
      • Computer owner loses passwords
      • Law enforcement checks for criminal activity
      • Recovering lost data
      Rootkits are more often used for illegal or malicious purposes.
  14. Rootkit – Spyware: Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
  15. Rootkit – Spyware: Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window.
  16. Rootkit – Spyware: Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called "spyware." As a result, McAfee (the Internet security company) and others now refer to such applications as "potentially unwanted programs" (PUP).
  17. Rootkit – Spyware: The cookie is a well-known mechanism for storing information about an Internet user on their own computer. If a Web site stores information about you in a cookie that you don't know about, the cookie can be considered a form of spyware. Spyware is part of an overall public concern about privacy on the Internet.
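Slide 2 notes that rootkits "alter existing system tools to escape detection", and slide 6 says that detection tools exist for this. The simplest form of such a detector is a baseline-and-compare integrity check: hash the system tools while the machine is known-good, keep the hashes somewhere the host cannot rewrite, and later re-hash and diff. The script below is an added example written for this page; it is not code from the slide deck or from any of the vendors it names. The tool directory, file names, and file contents are constructed inside a temporary directory so the script runs offline.

```python
"""Baseline-and-compare integrity check for system tools (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, names) -> dict:
    """Record the SHA-256 of every watched tool under `root`.

    In practice the returned mapping is written to storage the host cannot
    modify (read-only media or another machine); a rootkit that can edit
    `ps` can just as easily edit a baseline file kept next to it.
    """
    return {name: sha256_file(root / name) for name in names}


def check_baseline(root: Path, baseline: dict) -> dict:
    """Compare the current tool directory against a saved baseline.

    Returns three sorted lists: tools whose hash changed, tools that are
    gone, and files present now that were not in the baseline.
    """
    modified, missing = [], []
    for name, expected in baseline.items():
        path = root / name
        if not path.is_file():
            missing.append(name)
        elif sha256_file(path) != expected:
            modified.append(name)
    unexpected = [p.name for p in root.iterdir()
                  if p.is_file() and p.name not in baseline]
    return {
        "modified": sorted(modified),
        "missing": sorted(missing),
        "unexpected": sorted(unexpected),
    }


def demo() -> dict:
    """Constructed scenario: baseline three fake tools, then tamper with them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for system tools; real ones live in /bin etc.
        tools = {
            "ls": b"#!/bin/sh\necho ls\n",
            "ps": b"#!/bin/sh\necho ps\n",
            "netstat": b"#!/bin/sh\necho netstat\n",
        }
        for name, body in tools.items():
            (root / name).write_bytes(body)

        # Take the baseline while the directory is known-good, then serialise
        # it the way it would be shipped off-host.
        saved = json.dumps(build_baseline(root, tools))

        # Simulate what slide 2 describes: one tool replaced, one removed,
        # one new file dropped in. Contents are placeholders, not real code.
        (root / "ps").write_bytes(b"#!/bin/sh\necho replaced\n")
        (root / "ls").unlink()
        (root / "extra_tool").write_bytes(b"placeholder\n")

        return check_baseline(root, json.loads(saved))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The important caveat is the one slide 6 already makes: a kernel-level rootkit can lie to the checking process itself (returning the original bytes when the file is read, or hiding the file altogether), so a clean diff from a check run on the live system is not proof of a clean system. Run the comparison from trusted boot media against the mounted disk, keep the baseline off-host, and treat any unexplained difference as grounds for the rebuild the slide recommends rather than for spot repairs.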