
Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to detect rootkits How to remove rootkits.




1 Rootkits Jonathan Barella Chad Petersen

2 Overview: What are rootkits? How do rootkits work? How to detect rootkits. How to remove rootkits.

3 What is a rootkit, and how does it work? (Jonathan Barella)

4 What are rootkits? A rootkit is a small, sophisticated piece of support software that enables malicious software to run on a compromised computer. Commonly associated with spies because of the goals they share. Used in almost every modern piece of malware in the wild today.

5 What are rootkits? Broadly defined by Symantec as “any software that acquires and maintains privileged access to the Operating System (OS) while hiding its presence by subverting normal OS behavior”. Designed with three main objectives: run, hide, act.

6 How do rootkits work? Subverting normal OS behavior. Vulnerabilities: operating system, applications. Exploits: Java, HTML/scripting. Social engineering: spam, downloading. Installation.

7 How do rootkits work? Hooking Operating System APIs

8 How do rootkits work? Hiding in Unused Space on the Compromised System

9 How do rootkits work? Infect the Master Boot Record (MBR)

10 How do rootkits work?

11 This is the ultimate goal: to be hidden from the system's view.

12 Finding and Removing Rootkits (Chad Petersen)

13 Detection Methods: behavioral, integrity, signature, difference.

14 Behavioral Detection. Pros: can detect unknown rootkits. Cons: requires a “normal” history; not easy to use; false positives.
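The slide's three cons follow directly from how behavioral detection works, so here is an added example (not code from the presentation or its authors) that learns a "normal" level of outbound traffic and flags samples that deviate from it. The traffic figures, the history lengths and the 3-sigma threshold are all constructed assumptions chosen to show both a genuine spike and the false positive you get when the learned history is too short.

```python
# Added example (not from the original presentation): a simple behavioral
# detector that learns "normal" outbound traffic and flags spikes.
from statistics import mean, pstdev

# Constructed sample data: outbound KB/min on a quiet host, then new samples.
NORMAL_HISTORY = [120, 135, 128, 142, 130, 125, 138, 133, 127, 140]
SHORT_HISTORY = [130, 131]           # too little history to learn "normal"
NEW_SAMPLES = [131, 145, 1290, 129]  # index 2 is a genuine traffic spike


def flag_anomalies(history, samples, k=3.0):
    """Return the indices of samples more than k standard deviations above
    the historical mean. `history` is the 'normal' behaviour the detector
    learned; with too few history points the spread is underestimated and
    ordinary variation gets flagged (the slide's 'false positives')."""
    if len(history) < 2:
        raise ValueError("need at least two history samples to estimate spread")
    mu = mean(history)
    sigma = pstdev(history)
    threshold = mu + k * sigma
    return [i for i, v in enumerate(samples) if v > threshold]


if __name__ == "__main__":
    # With ten days of normal history only the real spike is flagged.
    print("well-trained:", flag_anomalies(NORMAL_HISTORY, NEW_SAMPLES))
    # With two samples of history the modest 145 is also flagged: a false positive.
    print("short history:", flag_anomalies(SHORT_HISTORY, NEW_SAMPLES))
```

The same detector reports `[2]` when trained on the ten-sample history and `[1, 2]` when trained on the two-sample history; the extra hit is not a rootkit, it is the cost of a detector that has not yet seen enough normal behaviour.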

15 Integrity Detection. Pros: know what files change, when files change, and what changes files. Cons: requires many updates; a rootkit can seed itself in an update.

16 Signature-Based Detection. Pros: reliably finds known kits; easy to use; few false positives. Cons: large number of updates; does not detect new kits.

17 Diff-Based Detection. Pros: good at finding anomalies in any system. Cons: does not work well if the scan is run on an infected system; must have the knowledge to decipher flagged programs.

18 Be Vigilant. Lastly, the user can sometimes tell when something is amiss: a network traffic spike, or a large decrease in performance. Rootkits can infect user files, kernel files, the boot loader, a hypervisor, and hardware firmware.

19 Steps Once Identified: quarantine (encryption, permissions); decide whether to repair or delete.

20 Q&A

