By Anish Shanmugasundaram and Yashwanth Sainath Jammi


- A rootkit is software that enables continued privileged access to a computer.
- Originally designed for Unix systems.
- Hides its presence from administrators by subverting standard operating system functionality or other applications.
- An attacker needs root-level access to install a rootkit.

- Mebromi targets BIOS (basic input/output system) ROMs.
- BIOS: the software responsible for booting up a computer.
- The first malware since IceLord that targets the BIOS.
- Attacks only BIOS ROMs made by Award.
- Exclusively targets Chinese users protected by the Chinese security software Rising Antivirus and Jiangmin KV Antivirus.
- Designed to evade anti-virus detection.

- Consists of a BIOS rootkit, an MBR (master boot record) rootkit, a kernel-mode rootkit, a portable executable (PE) file infector and a trojan downloader.
- Reflashes the BIOS of the computer it attacks, adding malicious instructions that are executed early in the boot-up sequence.
- To gain access to the BIOS, the infection first needs to be loaded in kernel mode so that it can work with physical memory.

- The malware can extract and load the flash.dll library, which in turn loads the bios.sys driver.
- It can also load itself by:
  - stopping the beep.sys service;
  - overwriting the beep.sys driver with its own bios.sys code;
  - restarting the service and then restoring the original beep.sys code.

- The job of the MBR ends here, after loading the infection.
- When Windows starts up, it loads the patched executable.
- The payload then self-decrypts its malicious code and loads the my.sys driver into memory.
- It then searches web pages to download additional infection.
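Because the infection chain starts in the MBR, a defender wants to know whether the bootstrap code in sector 0 is still what it was on a known-clean system. The following is an added example (not code from the original slides or from any Mebromi analysis): it parses a 512-byte MBR, validates the 0x55AA signature, decodes the partition table, and compares a SHA-256 of the 440-byte bootstrap area against a baseline hash. The sector bytes, partition entry and "patched" variant are constructed for illustration; on a real machine the sector would be read from the physical disk with raw device access and the baseline taken while the system was known clean.

```python
"""Parse a 512-byte MBR and compare its bootstrap code with a trusted baseline.

Added example, not from the original slides. The sector below is constructed
for illustration; a real check would read sector 0 of the physical disk with
raw device access and compare it with a hash taken on a known-clean system.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code occupies bytes 0..439
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: the given boot code, one bootable NTFS partition, signature."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, decode the partition table and hash the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code is byte-for-byte what the baseline recorded."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


# Constructed clean MBR and the baseline hash recorded from it.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed "patched" MBR: the first bytes of the bootstrap code no longer
# match the baseline, while the partition table and signature are untouched.
_patched = bytearray(CLEAN_MBR)
_patched[0:3] = b"\xeb\x00\x00"
PATCHED_MBR = bytes(_patched)

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR)["partitions"])
    print("clean MBR matches baseline:", boot_code_matches(CLEAN_MBR, BASELINE_SHA256))
    print("patched MBR matches baseline:", boot_code_matches(PATCHED_MBR, BASELINE_SHA256))
```

The check deliberately hashes only the bootstrap area: the partition table changes legitimately when disks are repartitioned, but the boot code on a given machine should not change between operating system installs. A check like this is only one boot's worth of evidence: a clean result after cleaning the MBR says nothing about the BIOS payload that may write it back at the next start-up.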

- Google and Yahoo web pages are redirected.
- The desktop background image and browser home page settings are changed.
- Slows down the computer and the internet connection.
- Corrupts the Windows registry and can cause unwanted pop-up ads.
- The infection can cause a computer crash.
- It may contain keyloggers, software used to steal sensitive data such as passwords, bank account and credit card information.

- The first step in preventing a Mebromi rootkit is to run the system in a less privileged user mode.
- Run the command sc lock at a Command Prompt.
- Use a HIPS (host-based intrusion prevention system) tool such as AntiHook.
- Firewall all networks.
- Monitor all log files.

- Detection is difficult because the rootkit is designed to hide its existence.
- Applications that can be used to detect rootkits include:
  - Tripwire and AIDE
  - chkrootkit
  - LSMO
  - KSTAT
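Tripwire and AIDE work on a simple principle: record a baseline of hashes and metadata for trusted files, then re-scan and report whatever differs. The following is an added example (not code from the original slides or from the Tripwire or AIDE projects) of that principle, applied to the driver-swap technique described earlier: a driver directory is baselined, one driver is overwritten in place with different content of the same length, and the re-scan reports it as modified. The directory, file names and contents are constructed in a temporary directory for the demonstration.

```python
"""AIDE/Tripwire-style file integrity check, as an added example (not the
slides' own code). A baseline of SHA-256 hashes and metadata is recorded for
a directory of trusted files; a later scan reports anything modified, added
or removed. The files below are constructed in a temporary directory."""
import hashlib
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Record the attributes that matter: content hash, size and permission bits."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": st.st_mode & 0o7777}


def build_baseline(root: Path) -> dict:
    """Walk root and record every regular file, keyed by POSIX-style relative path."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = file_record(path)
    return baseline


def compare(root: Path, baseline: dict) -> dict:
    """Re-scan root and diff it against the baseline."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def run_demo() -> dict:
    """Constructed scenario: a trusted driver directory, then one driver overwritten in place."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        drivers = root / "drivers"
        drivers.mkdir()
        (drivers / "beep.sys").write_bytes(b"MZ original beep driver")
        (drivers / "ntfs.sys").write_bytes(b"MZ original ntfs driver")
        baseline = build_baseline(root)
        # Overwrite beep.sys with different content of the same length:
        # a size-only check would miss this, the content hash does not.
        (drivers / "beep.sys").write_bytes(b"MZ replaced bios driver")
        return compare(root, baseline)


if __name__ == "__main__":
    print(run_demo())
```

The baseline has to be stored somewhere the rootkit cannot reach (read-only media, or another host), and the comparison is only as trustworthy as the kernel that serves the file reads; a kernel-mode rootkit can lie to the scanner, which is why such tools are most reliable when run from a clean boot environment.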

- Even if an anti-virus product can detect and clean the MBR infection, the infection will be restored at the next system start-up, when the malicious BIOS payload overwrites the MBR code again.
- Developing an anti-virus utility able to clean the BIOS code is a challenge because it needs to be totally error-proof to avoid rendering the system unbootable.
- Thus rebuilding the system is the best bet for removing the infection.

- Mebromi is not designed to infect 64-bit operating systems.
- It cannot infect a system that runs with fewer privileges.
- To be broadly effective it would have to infect all the different releases and updates of Award, Phoenix and AMI BIOSes, which involves a high level of complexity.

Thank you