RootKit By Parrag Mehta


Post on 05-Jan-2016


OUTLINE
- What is a RootKit?
- Installation
- Types
- How do RootKits work?
- Detection
- Removal
- Prevention
- Conclusion
- References

What is a RootKit?
- Software that allows continued privileged access to a computer system without the system user's knowledge.
- The term RootKit comes from "Root", the UNIX administrator account, and "Kit", the software components that implement the tool.

INSTALLATION
- Exploit Security Vulnerabilities
- Cracking a Password
- Trick user into executing malicious code
- Social Engineering
- Malware is beneficial

TYPES
- Persistent
  - Activated every time system starts up
- Non-persistent
  - Not capable of running again on system start up
- Way in which they execute
  - User Mode
  - Kernel Mode

How do RootKits work?
- RootKits use a simple concept called Modification
- Some places where modifications can be made in the software:
  - Patching
  - Easter Eggs
  - Spyware Modifications
  - Source-Code Modifications
- Legality of Software Modifications

DETECTION
- Alternative trusted medium
- Behavioral-based
- Signature-based
- Difference-based
- Integrity-based
- Memory Dump
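
Added example (not from the original slides): a minimal difference-based check in Python for Linux, comparing the process and thread IDs listed under /proc with the IDs that answer a direct signal-0 probe. The function names and the three-round retry are assumptions made for this illustration.

```python
import os

def listed_ids(proc="/proc"):
    """View 1: process and thread IDs enumerated through /proc listings."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:  # the probe can also answer for thread IDs, so list those too
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited (or has no task directory) while reading
    return ids

def probed_ids(max_id):
    """View 2: IDs that answer a signal-0 probe (no signal is delivered)."""
    alive = set()
    for i in range(1, max_id + 1):
        try:
            os.kill(i, 0)
        except ProcessLookupError:
            continue  # nothing answers for this ID
        except PermissionError:
            pass  # exists, but belongs to another user
        alive.add(i)
    return alive

def cross_view_diff(listed, probed):
    """IDs present in the probe view but missing from the listing."""
    return sorted(set(probed) - set(listed))

def scan(max_id, rounds=3):
    """Keep only IDs missing in every round, to filter start/exit races."""
    suspects = None
    for _ in range(rounds):
        before = listed_ids()
        probed = probed_ids(max_id)
        after = listed_ids()
        missing = set(cross_view_diff(before | after, probed))
        suspects = missing if suspects is None else suspects & missing
    return sorted(suspects)

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        print("IDs alive but not listed:", scan(int(f.read())))
```

Run it with enough privilege to read every /proc entry. A kernel-mode rootkit can falsify both views, which is why the slide also lists an alternative trusted medium and memory dumps.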

REMOVAL
- Re-install OS from trusted media
  - Highly recommended
- Re-install from scratch
- Anti-virus software
- Malicious software removal tool
- AVG Pro, SpySweeper

PREVENTION
- Use Anti-virus Software
- Install a Firewall
- Use good passwords
- Keep Software up to date
- Follow good security practices

CONCLUSION
- Thus, we have seen what RootKits are, how they work, how they can be detected and removed, and what the prevention mechanisms are.
- We also conclude that there is no concrete method to detect and remove RootKits.

REFERENCES
- http://en.wikipedia.org/wiki/Rootkit#cite_note-48
- http://www.bestsecuritytips.com/xfsection+article.articleid+122+page+1.htm
- http://www.informit.com/articles/article.aspx?p=408884&seqNum=5

THANK YOU