RootKit By Parrag Mehta
OUTLINE • What is a RootKit ? • Installation • Types • How do RootKits work ? • Detection • Removal • Prevention • Conclusion • References
What is a RootKit ? • Software that gives an attacker continued privileged access to a computer system while hiding its own presence from the system's users and administrators. • The name comes from “Root” – the UNIX administrator account whose privileges it keeps – and “Kit” – the set of software components (hooks, loaders, hidden files and processes) that implement the tool.
INSTALLATION • A rootkit does not break in by itself; it is installed after privileged access has already been obtained, by one of these routes: • Exploiting a security vulnerability • Cracking an administrator password • Tricking the user into executing malicious code • Social engineering • Presenting the malware as beneficial software (a Trojan horse)
TYPES • By persistence • Persistent – activated every time the system starts up, so it must store code somewhere (disk, registry, boot sector) that survives a reboot • Non-persistent – lives only in memory and cannot run again after a reboot, but leaves less on disk to find • By the privilege level at which they execute • User Mode – runs with ordinary user or application privileges and modifies applications and libraries, e.g. by hooking API calls inside processes • Kernel Mode – runs with kernel privileges (as a driver or loadable module) and modifies the kernel itself, so it can also subvert the tools used to look for it
How do RootKits work ? • RootKits rely on a simple concept: “Modification” of software the system already trusts, so that a legitimate request (list files, list processes, read a table) is routed through the rootkit's own code, which filters out whatever it wants to hide. • Some places where such modifications can be made in software: • Patching – overwriting bytes of code or data (for example a function table) in a running program or kernel • Easter Eggs – hidden behaviour the original developer built in • Spyware Modifications – code added to monitor or report on the user • Source-Code Modifications – inserting a backdoor into software before it is compiled • Whether a given software modification is legal depends on who owns the system and what they consented to; the technique is the same either way
DETECTION • Alternative trusted medium – boot from clean media and inspect the suspect disk offline, so the rootkit's code is not running while you look • Behavioral-based – look for side effects such as unexplained CPU use, timing anomalies or odd API call patterns • Signature-based – scan for byte patterns of known rootkits (misses new or modified variants) • Difference-based – compare the view returned through the (possibly hooked) system API with the raw data (disk structures, registry hive) and flag entries present in one but not the other • Integrity-based – compare code and tables (system call table, system binaries) against a trusted baseline copy or hash • Memory Dump – capture volatile memory and analyze it offline for hidden modules and hooks • No method on a live system is conclusive on its own, because a kernel-mode rootkit can alter what the detector reads
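The “modification” idea from the previous slide and the difference- and integrity-based detectors from this one, as an added example that is not part of the original slides. It is a self-contained mock written for this page, not real kernel code: the “syscall table” is a one-entry array of function pointers, the “disk” is a constructed list of names (all hypothetical), and the rootkit hides every entry starting with the constructed prefix rk_. The detector then catches it two ways: by noticing the table no longer matches its boot-time baseline, and by cross-viewing a listing made through the table against a raw listing that bypasses it.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_ENTRIES 8
#define NAME_LEN 32

/* Constructed "on-disk" directory contents (hypothetical names). */
static const char *disk_entries[] = { "bin", "etc", "home", "rk_hidden", "var" };
#define DISK_COUNT 5

/* A directory-listing "system call": fills out[] with names, returns the count. */
typedef int (*getdents_fn)(char out[][NAME_LEN], int max);

static int real_getdents(char out[][NAME_LEN], int max) {
    int n = 0;
    for (int i = 0; i < DISK_COUNT && n < max; i++) {
        strncpy(out[n], disk_entries[i], NAME_LEN - 1);
        out[n][NAME_LEN - 1] = '\0';
        n++;
    }
    return n;
}

/* Mock "syscall table" that user-mode tools call through. Slot 0 is getdents. */
static getdents_fn syscall_table[1] = { real_getdents };

/* Pristine copy of the table, taken at boot before any module could load
   (the integrity-based detector's baseline). */
static getdents_fn baseline_table[1] = { real_getdents };

/* The rootkit's hook: call the original, then drop every entry carrying the
   magic prefix, so "ls" never shows the rootkit's own files. */
#define HIDE_PREFIX "rk_"
static int hooked_getdents(char out[][NAME_LEN], int max) {
    int n = real_getdents(out, max);
    int kept = 0;
    for (int i = 0; i < n; i++) {
        if (strncmp(out[i], HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0)
            continue;                       /* hide this entry */
        if (kept != i) memcpy(out[kept], out[i], NAME_LEN);
        kept++;
    }
    return kept;
}

/* "Installation" is the modification step: one pointer write into the table. */
static void rootkit_install(void) { syscall_table[0] = hooked_getdents; }
static void rootkit_remove(void)  { syscall_table[0] = real_getdents; }

/* What an ordinary tool sees: it goes through the (possibly hooked) table. */
static int list_via_syscall(char out[][NAME_LEN], int max) {
    return syscall_table[0](out, max);
}

/* Integrity-based detection: count live table slots that differ from the baseline. */
static int table_modified_count(void) {
    int modified = 0;
    for (size_t i = 0; i < sizeof(syscall_table) / sizeof(syscall_table[0]); i++)
        if (syscall_table[i] != baseline_table[i]) modified++;
    return modified;
}

/* Difference-based (cross-view) detection: compare the high-level listing with a
   raw one that bypasses the table. Here real_getdents() stands in for parsing the
   file system on disk directly; a real detector must not call any hookable API.
   Returns the number of entries present on disk but missing from the API view. */
static int hidden_entry_count(void) {
    char high[MAX_ENTRIES][NAME_LEN];
    char raw[MAX_ENTRIES][NAME_LEN];
    int nh = list_via_syscall(high, MAX_ENTRIES);
    int nr = real_getdents(raw, MAX_ENTRIES);
    int hidden = 0;
    for (int i = 0; i < nr; i++) {
        int found = 0;
        for (int j = 0; j < nh; j++)
            if (strcmp(raw[i], high[j]) == 0) { found = 1; break; }
        if (!found) hidden++;
    }
    return hidden;
}

int main(void) {
    printf("clean:    modified=%d hidden=%d\n", table_modified_count(), hidden_entry_count());
    rootkit_install();
    printf("infected: modified=%d hidden=%d\n", table_modified_count(), hidden_entry_count());
    rootkit_remove();
    return 0;
}
```

Both detectors only work because the baseline copy and the raw read are outside the rootkit's reach. On a real kernel-mode compromise that assumption fails, since the rootkit can patch the detector's view of the table and of the disk as well, which is why the slide lists booting from an alternative trusted medium first.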
REMOVAL • Re-install the OS from trusted media – highly recommended, and from scratch: once a rootkit has had kernel privileges, the running system cannot be trusted to report that it is clean • Anti-virus and removal tools can help when the rootkit is known and user-mode, for example: • Malicious Software Removal Tool • AVG Pro • SpySweeper
PREVENTION • Use Anti-virus Software • Install a Firewall • Use good passwords • Keep Software up to date • Follow good security practices
CONCLUSION • Thus, we have seen what RootKits are, how they work, how they can be detected and removed, and what the prevention mechanisms are. • We also conclude that there is no single reliable method to detect and remove RootKits; detection combines several techniques, and removal usually means re-installing from trusted media.
REFERENCES • http://en.wikipedia.org/wiki/Rootkit#cite_note-48 • http://www.bestsecuritytips.com/xfsection+article.articleid+122+page+1.htm • http://www.informit.com/articles/article.aspx?p=408884&seqNum=5