Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mathieu Castets October 17th, 2012.  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11.

Published byDaisy McKinney Modified over 8 years ago

Similar presentations

Presentation on theme: "Mathieu Castets October 17th, 2012.  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11."— Presentation transcript:

1 Mathieu Castets October 17th, 2012

2  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11

3  Hackers have to access to the root-level to install a rootkit  Software that hides itself and allow intruders to maintain privileged access  Remotely run command actions or extract information  « root » traditional name of the privileged account on UNIX  « kit » software components that implement the tool 3/11

4  In 1986, the first virus called « Brain virus » was discovered and used cloaking techniques to hide itself  UNIX: In 1990, written by Lane Davis and Steven Dake  Windows NT: In 1999, NTRootkit  Mac OSX: In 2009 4/11

5  In 2005, Sony BMG published CDs with copy protection and DRM  The software silently installed a rootkit  To cloak itself, the rootkit hid from the user any file starting with $sys$  Software engineer Mark Russinovich discovered it on one of his computers  In 2006, Sony BMG released patches to uninstall the rootkit 5/11

6  Provide an attacker with full access  Hide other malwares  Appropriate the compromised machine as a zombie computer  Enforcement of digital rights management (DRM) Hide cheating in online games Enhance emulation software and security software Bypassing Windows Product Activation 6/11

7  Two groups:  Kernel mode/integration  Patch system  Detection can be complicated  Most dangerous  Application level  Replace original executable files  Modify the behavior of applications 7/11

8  Alternative trusted medium: shut down computer and check its storage by booting the system with an alternative trusted media  Behavioral-based: analyzing system behavior like application calls and CPU utilisation  The other detection methods we can use are:  Signature-based  Difference-based  Integrity checking  Memory dumps 8/11

9  Manual removal of a rootkit is often too difficult for a typical computer user  In 2005, Microsoft's monthly Malicious Software Removal Tool is able to detect and remove some classes of rootkits  However, the best way to remove all rootkits is to re-install the operating system 9/11

10  About.com http://netsecurity.about.com/od/frequentlyaskedquesti ons/f/faq_rootkit.htm  Rootkitonline.com http://www.rootkitonline.com/types-of-rootkits.html  Informit.com http://www.informit.com/articles/article.aspx?p=23463 10/11

11 11/11

Download ppt "Mathieu Castets October 17th, 2012.  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11."

Similar presentations

Systems Software System Software Enables the applications software to interact with the computer and Helps the computer manage its internal and external.

Systems Software System Software Enables the applications software to interact with the computer and Helps the computer manage its internal and external.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.

Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
1 The Sony CD DRM Debacle A case study of digital rights management.

1 The Sony CD DRM Debacle A case study of digital rights management.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
How an attacker can maintain control over their victim’s system without being discovered.

How an attacker can maintain control over their victim’s system without being discovered.
Rootkit Definition A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a.

Rootkit Definition A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.

Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
To Protect or Not Protect - - - Sony/BMG’s DRM Dilemma Sony’s Attempt-- Sony/BMG’s digital right’s management (DRM) “rootkit” inclusion on their music.

To Protect or Not Protect Sony/BMG’s DRM Dilemma Sony’s Attempt-- Sony/BMG’s digital right’s management (DRM) “rootkit” inclusion on their music.
CS 450 - Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.

CS Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.
Windows Security and Rootkits Mike Willard January 2007.

Windows Security and Rootkits Mike Willard January 2007.
The Downside to DRM. What is DRM? “Digital Rights Management” Software used to control access to copyrighted material Protect company from piracy.

The Downside to DRM. What is DRM? “Digital Rights Management” Software used to control access to copyrighted material Protect company from piracy.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Rootkits: Sneaky, Stealthy Toolboxes

Rootkits: Sneaky, Stealthy Toolboxes
ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.

ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.

Similar presentations

Ads by Google