
Rootkits

The word "rootkit" may sound cool, but rootkits are used by malicious hackers to control a machine, hijack its internet bandwidth, attack other systems, or ferret information out of the system on which the software has been installed, typically without the owner's knowledge, either by a virus or after a successful hack of the computer's defenses. Rootkits are programs (often device drivers) that can be paired with almost any malware to hide its characteristics, such as its network activity and running processes. Once installed, many rootkits run quietly in the background. Because hiding processes and connections is their whole purpose, they are not reliably spotted by tools running on the infected machine itself; more dependable checks include comparing process and file listings obtained by different methods, monitoring the machine's outbound communications from a separate device, and reviewing newly installed programs and drivers.

Security researchers have warned about a new generation of powerful system-monitoring programs that are almost impossible to detect using current security products and could pose a serious risk to company and personal computers.

One rootkit, Hacker Defender (Virtool:WinNT/Hackdef), released in 2004, even uses encryption to protect its outbound communications and can piggyback on commonly used ports such as TCP port 135 to communicate with the outside world without interrupting other applications that use that port, the researchers said. Kernel rootkits are invisible to many detection tools, including antivirus, host and network intrusion-detection sensors, and antispyware products. In fact, some of the most powerful tools for detecting rootkits are designed by rootkit authors, not security companies.

Currently, two tools are available that can detect the current crop of kernel rootkits: Sysinternals' RootkitRevealer and F-Secure's BlackLight. Both work by comparing what the system reports through its normal, hookable APIs against a lower-level view (raw file-system and registry structures, or a brute-force enumeration of process IDs) and reporting the discrepancies. However, rootkit authors are adept at spotting new detection techniques and modifying their programs to slip around them.
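The cross-view idea behind those tools, as an added example that is not code from the original page, from Sysinternals, or from F-Secure: it takes the "normal" process list (the numeric entries readdir() returns for /proc, which is what a rootkit hooking directory listing would filter) and compares it with a brute-force probe of every PID via kill(pid, 0), which asks the kernel directly. Anything the kernel acknowledges but the listing omits is a candidate hidden process. It assumes Linux /proc semantics (this is a Linux analogue of the Windows technique, not a port of either tool), and the scenario in demo_constructed() is constructed, not captured from a real system.

```python
import os
from typing import Callable, Optional, Set

# High-level view: the PIDs an ordinary tool sees, i.e. the numeric entries
# readdir() returns for /proc. A rootkit hooking directory listing filters here.
def listed_pids_proc() -> Set[int]:
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

# Low-level view: ask the kernel directly whether a PID exists. kill(pid, 0)
# delivers no signal. ESRCH means "no such process"; EPERM means it exists but
# belongs to someone else, so EPERM and success both count as "alive".
def probe_pid_kill(pid: int) -> bool:
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False

# Tgid from /proc/<pid>/status, or None if the file cannot be read.
def thread_group_id_proc(pid: int) -> Optional[int]:
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None

def pid_max_proc() -> int:
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768

def find_hidden_pids(list_pids: Callable[[], Set[int]],
                     probe: Callable[[int], bool],
                     tgid_of: Callable[[int], Optional[int]],
                     pid_max: int) -> Set[int]:
    """Return PIDs the kernel acknowledges but the directory listing omits.

    The listing is taken before and after the brute-force probe so that a
    process which starts or exits during the scan is not misreported.
    """
    before = list_pids()
    acknowledged = {pid for pid in range(1, pid_max + 1) if probe(pid)}
    after = list_pids()
    visible = before | after
    hidden: Set[int] = set()
    for pid in sorted(acknowledged - visible):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid:
            # kill(tid, 0) also succeeds for thread IDs, and readdir(/proc)
            # never lists threads, so a TID with a different Tgid is not hidden.
            continue
        if tgid is None and not probe(pid):
            # Exited between the probe and the status read: a race, not hiding.
            continue
        hidden.add(pid)
    return hidden

def scan_linux() -> Set[int]:
    """Run the cross-view comparison against the live /proc of this host."""
    return find_hidden_pids(listed_pids_proc, probe_pid_kill,
                            thread_group_id_proc, pid_max_proc())

def demo_constructed() -> Set[int]:
    """Constructed scenario (hypothetical, not captured from a real machine):
    PID 11 is a thread of 10, PID 12 is a hidden process, PID 30 is alive but
    its status file is unreadable, PID 40 exits right after the first probe."""
    listing = {1, 2, 10}                         # what readdir(/proc) returns
    kernel_view = {1, 2, 10, 11, 12, 30, 40}     # what kill(pid, 0) acknowledges
    tgids = {1: 1, 2: 2, 10: 10, 11: 10, 12: 12}  # 30 and 40: no readable status
    exits_after_first_probe = {40}
    probed: Set[int] = set()

    def probe(pid: int) -> bool:
        if pid in exits_after_first_probe and pid in probed:
            return False
        probed.add(pid)
        return pid in kernel_view

    return find_hidden_pids(lambda: set(listing), probe, tgids.get, pid_max=64)

if __name__ == "__main__":
    print("constructed scenario, hidden PIDs:", sorted(demo_constructed()))
    if os.path.isdir("/proc"):
        print("live scan, hidden PIDs:", sorted(scan_linux()))
```

A clean host should produce an empty set from scan_linux(). Two caveats before trusting a non-empty result: /proc mounted with hidepid=1 or 2 legitimately hides other users' processes from readdir while kill(pid, 0) still returns EPERM, so run the scan as root or discount EPERM-only hits on such mounts; and, as the article notes, a rootkit that hooks the syscall layer rather than the directory listing can lie to both views, which is why offline or out-of-band examination remains the stronger check.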

Updated On: 15.02.17
