Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

Published byEsmond Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal."— Presentation transcript:

1

2 ROOTKIT VIRUS by Himanshu Mishra

3 Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal

4 INTRODUCTION A set of software tools used by a third party after gaining access to a computer system in order to conceal the altering of files, or processes being executed by the third party without the user's knowledge.

5 INTRODUCTION Ctd… The term rootkit is a concatenation of the ’root’ user account in Unix operating systems and the word ‘kit’, which refers to the software components that implement the tool.

6 HISTORY The very first documented computer virus to target the PC platform in 1986 For SunOS 4.1.1 earliest known rootkit in 1990 For Windows NT operating system rootkit appeared in 1999

7 USES Provide an attacker with full access via a back door Conceal other malware Conceal cheating in online games from software Appropriate the compromised machine as a zombie computer for attacks on other computers.

8 USES Ctd… Detect attacks Enhance emulation software and security software Anti-theft protection Enforcement of DRM

9 CLASSIFICATION User-mode Kernel-Mode Boot loader level Hypervisor level Hardware/Firmware

10 CLASSIFICATION Ctd… User-mode : User-mode rootkits run in Ring 3 as user rather than low-level system processes. Kernel-mode : Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding additional code or replacing portions of the core operating system, including both the kernel and associated device drivers.

11 CLASSIFICATION Ctd… Computer security rings

12 CLASSIFICATION Ctd… Boot loader level (Bootkit): Bootkit is used predominantly to attack full disk encryption systems. Hypervisor level: This type of rootkit runs in Ring -1 and hosts the target operating system as a virtual machine, thereby enabling the rootkit to intercept all hardware calls made by the original operating system.

13 CLASSIFICATION Ctd… Hardware/Firmware: A firmware rootkit uses device or platform firmware to create a persistent malware image in hardware.

14 INSTALLATION AND CLOAKING Rootkits employ a variety of techniques to gain control of a system The most common is to leverage security vulnerabilities. Another approach is to become a Trojan horse The installation of rootkits is commercially driven, with a Pay-Per-Install (PPI) compensation method for distributors.

15 DETECTION Alternative trusted medium Behavioural-based Signature-based Difference-based Integrity checking Memory dumps

16 REMOVAL Some experts believe that the only reliable way to remove them is to re-install the operating system from trusted media. Microsoft's monthly Malicious Software Removal Tool is able to detect and remove some rootkits.

17 Thank you reference: http://en.wikipedia.org/wiki/Rootkit http://en.wikipedia.org/wiki/Rootkit

Download ppt "ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal."

Similar presentations

COURSE: COMPUTER PLATFORMS

COURSE: COMPUTER PLATFORMS
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.

Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.

3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Windows Security and Rootkits Mike Willard January 2007.

Windows Security and Rootkits Mike Willard January 2007.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Presented by Boris Yurovitsky

Presented by Boris Yurovitsky
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Chapter 9 Security Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Root Kits and Windows Hardening Team BAM! Scott Amack Everett Bloch Maxine Major.

Root Kits and Windows Hardening Team BAM! Scott Amack Everett Bloch Maxine Major.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
By, Anish Shanmugasundaram Yashwanth Sainath Jammi.

By, Anish Shanmugasundaram Yashwanth Sainath Jammi.
1 UCR Firmware Attacks and Security introduction.

1 UCR Firmware Attacks and Security introduction.

Similar presentations

Ads by Google