
Vijay Krishnan Avinesh Dupat. A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators.


1 Vijay Krishnan Avinesh Dupat

2
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
The main purpose of a rootkit is to make unauthorized modifications to the software on your PC.

3
Provide an attacker full access via backdoor techniques.
Conceal other malware.
Appropriate the compromised machine as a zombie computer for attacks on other computers.
Non-hostile rootkits: anti-theft protection, enforcement of DRM, enhancement of emulation software and security software.

4
The attacker identifies an existing vulnerability in a target system.
After gaining access to the vulnerable system, the attacker can install a rootkit manually.
The rootkit can then be used to covertly steal user passwords, credit card information or computing resources, or to conduct other unauthorized activities without the knowledge of the administrator.

5
Spyware: modifying software programs for the purpose of infecting them with spyware.
Backdoor: a modification built into a software program on your computer that is not part of the program's original design.
Byte patching: bytes are constructed in a specific order, which can be modified by a rootkit.
Source code modification: modifying the code of the PC's software right at the main source.

6
User mode: runs on the computer through administrator privileges.
Kernel mode: installed at the same level as the PC's operating system.
Bootkits: a kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems.
Firmware: creates malcode inside the firmware while your computer is shut down.

7
Proactive:
Preventing the rootkit from being installed
Preventing compromise in the first place
Reactive:
Detecting the rootkit after it has been installed
Removal of the rootkit

8
The first step in prevention of rootkits is to run in a less privileged user mode.
Use the sc command in Windows XP. This locks up the Windows Service database.
Use a HIPS (Host-based Intrusion Prevention System) tool like AntiHook.
Use a tool like Sandboxie, which creates a sandbox-like environment within which we can run any program.

9
Detection is very difficult because the rootkit's goal is to hide.
Antivirus products have various levels of success in detecting rootkits.
Enumerate your system's contents after booting up using a known-good operating system.
Use a packet sniffer, such as WinDump, or a network firewall.

10
Alternative trusted medium
Behavioral-based
Signature-based
Difference-based
Integrity checking
Memory dumps
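The integrity-checking and difference-based techniques on this slide share one idea: record a trusted baseline of the system, then compare a later view against it and report anything that changed. The Python below is an added example, not part of the original presentation; it builds a baseline of SHA-256 digests for every file under a directory, simulates tampering on a constructed sample tree, and reports the modified, added and removed files. The sample file names and contents are constructed for the demonstration.

```python
"""Integrity checking for rootkit detection: build a trusted baseline of file
hashes, then compare a later snapshot against it.
Added example, not from the original presentation; paths and file contents
below are constructed for the demonstration."""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (path relative to root, '/'-separated)
    to its SHA-256 digest. Symlinks are skipped so a link pointing outside the
    tree cannot stand in for the real file."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = hash_file(full)
    return digests


def compare(baseline, current):
    """Difference-based check: report files that were modified, added or
    removed relative to the trusted baseline. Returns sorted lists."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "modified": sorted(k for k in base_keys & cur_keys
                           if baseline[k] != current[k]),
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
    }


def demo():
    """Build a constructed tree, take a baseline, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        with open(os.path.join(bin_dir, "ls"), "wb") as f:
            f.write(b"original ls binary (constructed)")
        with open(os.path.join(bin_dir, "ps"), "wb") as f:
            f.write(b"original ps binary (constructed)")

        baseline = snapshot(root)  # taken while the system is still trusted

        # Simulated tampering: one replaced binary and one new hidden file
        with open(os.path.join(bin_dir, "ps"), "wb") as f:
            f.write(b"trojaned ps binary (constructed)")
        with open(os.path.join(bin_dir, ".hidden"), "wb") as f:
            f.write(b"extra file (constructed)")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The comparison is only as trustworthy as the view it reads: a kernel-mode rootkit can intercept file reads and return the original bytes, so the baseline should be created before compromise and the later snapshot should be taken from an alternative trusted medium, such as the known-good boot environment described on slide 9, rather than from the running system being checked.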

11
Rootkit detection tools detect rootkits, e.g. RootkitRevealer.
Rootkit removal tools eliminate rootkits from the user's system, e.g. IceSword.

12

13

14
Rebuilding the system is the BEST solution!
Clean the infection
Disable the rootkit
Boot with a clean CD and remove the rootkit's resources


16 THANK YOU!

