Feb 22 2009
Define ROOTKITS?
Before getting in too deep, let's first understand what malware is. Everyone knows what a virus is, but people should first understand ROOTKITS, 'coz I personally believe that these do more damage than a usual virus. Let's see what Wikipedia says about it...
Wikipedia:
A rootkit is malware which consists of a program (or combination of several programs) designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant a user administrator access as it requires such access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables which may then be used to hide processes and files the attacker has installed along with the presence of the rootkit itself. Access to the hardware (e.g., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a ‘backdoor’ in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination which in turn allows an attacker to access the system regardless of changes to the actual accounts on the system.
Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years have been largely malware to help intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system’s mechanisms.
So basically, a rootkit is a program that an attacker uses to mask an intrusion and to keep the administrator-level access they have already obtained on a computer or network. The intruder gets onto the machine first, whether by tricking a user into running something, exploiting a known vulnerability, or cracking a password, and then installs the rootkit. The rootkit installs a backdoor giving the attacker full control of the computer, and it hides their files, registry keys, process names, and network connections from your eyes.
Your antivirus often cannot detect such programs. Packing and encrypting the files defeats signature matching, but the deeper problem is that a kernel-level rootkit tampers with the very system calls the antivirus uses to list files and processes, so the scanner is being lied to by the operating system itself.
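Since the hiding works by lying to whatever asks the OS for a list, the classic counter is a cross-view check: get the same information two different ways and diff the answers. The script below is an added example written for this post, not code from the original or from any rootkit tool. It assumes Linux with /proc; the signal-probe and Tgid handling are real kernel behaviour, and the hash baseline is a placeholder you would fill in from known-good media.

```python
"""Cross-view rootkit checks (added example, not from the original post).

1. Hidden processes: compare the /proc directory listing (what ps sees,
   and what a hooked readdir/getdents would filter) against a brute-force
   kill(pid, 0) probe of every possible PID.
2. Replaced system binaries (the /bin/login backdoor case): compare
   SHA-256 hashes of critical files against a baseline.

Assumes Linux with /proc. BASELINE is a placeholder; record it from a
clean install or boot media, never from a machine you already suspect.
"""
import hashlib
import os
from typing import Callable, Dict, Iterable, List, Optional, Set


def hidden_pids(listed: Set[int], alive: Iterable[int],
                tgid_of: Callable[[int], int] = lambda pid: pid) -> List[int]:
    """PIDs that answer a signal probe but are missing from the listing.

    tgid_of maps a PID to its thread-group id. Linux lets kill() reach a
    thread id, and thread ids are never listed in /proc, so a PID whose
    tgid differs from itself is a thread of a listed process, not a
    hidden process, and must not be reported.
    """
    hidden = []
    for pid in alive:
        if pid in listed:
            continue
        if tgid_of(pid) != pid:      # a thread, not a separate process
            continue
        hidden.append(pid)
    return sorted(hidden)


def proc_listed_pids() -> Set[int]:
    """The view ps/top get: numeric entries of a readdir on /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def proc_alive_pids(max_pid: int) -> List[int]:
    """Brute-force view: kill(pid, 0) sends no signal but reports whether
    the PID exists. EPERM (PermissionError) also means it exists."""
    alive = []
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:   # ESRCH: no such process
            continue
        except PermissionError:      # EPERM: exists, owned by someone else
            pass
        alive.append(pid)
    return alive


def proc_tgid(pid: int) -> int:
    """Tgid from /proc/<pid>/status. The directory can be opened by name
    even when it is filtered out of the listing. If it cannot be opened
    at all, return pid itself so the PID is not mistaken for a thread."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return pid


def pid_max() -> int:
    """Upper bound for the probe; 32768 is the historical default."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def current_hashes(paths: Iterable[str]) -> Dict[str, Optional[str]]:
    """Hash each path; None if it cannot be read (missing counts as changed)."""
    out: Dict[str, Optional[str]] = {}
    for p in paths:
        try:
            out[p] = sha256_file(p)
        except OSError:
            out[p] = None
    return out


def modified_binaries(baseline: Dict[str, str],
                      current: Dict[str, Optional[str]]) -> List[str]:
    """Paths whose current hash differs from, or is absent from, the baseline."""
    return sorted(p for p, digest in baseline.items() if current.get(p) != digest)


if __name__ == "__main__":
    print("hidden processes:",
          hidden_pids(proc_listed_pids(), proc_alive_pids(pid_max()), proc_tgid))
    # Placeholder baseline: fill in hashes recorded from known-good media.
    BASELINE: Dict[str, str] = {}
    watched = ["/bin/login", "/bin/ls", "/bin/ps", "/bin/netstat"]
    print("current hashes (record these on a clean system):", current_hashes(watched))
    print("modified binaries:", modified_binaries(BASELINE, current_hashes(watched)))
```

The check is only as good as the second view: a rootkit that also hooks kill() or the reads of /proc/<pid>/status will pass it, and one that hooks open()/read() can feed you the original bytes of /bin/login while the backdoored copy runs. Each extra view costs the attacker another hook, which is why real tools combine several probes and why hashing from a boot CD, outside the suspect kernel, is the check that actually settles it.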
So, how to fight this deep shit?
Wait for the next post