Rootkits Revealed

As mentioned earlier, rootkits have been associated with UNIX, then Linux, and today even with Windows. In this post we will briefly discuss the tools and programs that are bundled with rootkits and their functions. The main job of a rootkit is to provide an attacker with unauthorized access to a compromised system.
Once an attacker gets access to a target system, he or she may want to revisit it later for further malicious activity.
In general, a rootkit is a group of programs or tools such as sniffers, keyloggers, spyware, remote administration tools, log cleaners and trace removers. A rootkit can crack passwords at the admin level as well as exploit the system's vulnerabilities. It can compromise the security of the affected system and violate its integrity. As mentioned earlier, the main motive of a rootkit is to allow the attacker repeated access to the target system; installing a RAT or a backdoor process serves this objective.
To facilitate continued access, a rootkit may disable auditing and edit event logs to hide its presence. It can also modify UNIX and Linux system commands to make itself stealthy, alter device drivers, and take over the kernel, even at runtime.
Why does an attacker plant a rootkit? The answer is simple: it provides undisputed and uninterrupted access, in super-user mode, automatically sniffs important data from the network, can easily hide inside a command or process, and, once installed, can bypass nearly all security measures.
The components of a rootkit are installed either in user mode or in kernel mode. A user-mode rootkit modifies system binaries, whereas a kernel-mode rootkit alters the system calls made by legitimate applications so that they return the attacker's data instead of the genuine data. Removing the rootkit itself is easy, but not its payload. Rootkits can be removed by booting from an alternative drive other than the infected one or, better, by reinstalling the system.
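Because a user-mode rootkit works by replacing system binaries such as ls, ps or netstat, the standard defensive check is a file-integrity baseline taken from known-good media and compared against the live tree. The following Python is an added example written for this post, not code from the original; it builds such a baseline over a constructed temporary directory (the file names and contents are placeholders) and reports modified, missing and added files.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record hash, size and mode of every regular file under root.
    Take the baseline from clean media (a rescue drive), not from a
    system that may already be compromised."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": sha256_of(p), "size": st.st_size, "mode": st.st_mode}
    return baseline


def compare(root: Path, baseline: dict) -> dict:
    """Return files that changed, disappeared or appeared since the baseline."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    missing = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo() -> dict:
    """Constructed scenario (assumption, not a real system): a clean tree of
    three placeholder binaries, then the changes a user-mode rootkit leaves
    behind: one tool replaced, one helper dropped, one tool removed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("ls", "ps", "netstat"):
            (root / name).write_bytes(b"ELF-placeholder-" + name.encode())
        baseline = build_baseline(root)
        (root / "ls").write_bytes(b"ELF-placeholder-ls-trojaned")  # replaced binary
        (root / ".rk_helper").write_bytes(b"dropped")           # new hidden file
        (root / "netstat").unlink()                              # removed tool
        return compare(root, baseline)


if __name__ == "__main__":
    print(demo())
```

A kernel-mode rootkit that hooks the read system call can feed the checker clean bytes for a trojaned file, which is why the comparison should be run after booting from the alternative drive the post mentions rather than from the infected system.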
An attacker needs administrative privileges to install a rootkit, so it is better to protect the system before it gets compromised.