Description: A rootkit is software that implements stealth capabilities that are designed to hide the existence of certain processes or programs. While some uses of the technology may be beneficial, the most notable usage is by malware seeking to avoid detection by antivirus software. The term rootkit is derived from a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). On Unix systems, rootkits originally allowed backdoor privileged access to a computer by subverting standard tools like ls; today, the term is used more widely to refer to any software implementing cloaking.[1]
Rootkit installation can be automated, or an attacker can install it once they have obtained root or Administrator access. That access is obtained either by a direct attack on the system (e.g. exploiting a known vulnerability or escalating privileges) or by acquiring a password (through cracking or social engineering). Once installed, the rootkit makes it possible both to hide the intrusion and to maintain privileged access. Like any software, a rootkit can serve a benign or a malicious purpose; the key is the root or Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent the rootkit.
Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialised equipment.
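A minimal form of the "difference scanning" named above, as an added Python example (not code from the video or its author): it compares the PIDs visible by enumerating /proc with the PIDs the kernel confirms via kill(pid, 0), so a process hidden from readdir()-based tools (the same trick that subverts ls) shows up as a discrepancy. It assumes a Linux host with /proc; all function names are my own.

```python
"""Cross-view (difference scanning) check for hidden processes.

A user-land rootkit that hooks readdir() can hide a PID from tools that
walk /proc, but it usually cannot change the kernel's own answer to
kill(pid, 0). Collecting both views and diffing them exposes the gap.
A kernel-level rootkit that filters both views is not caught by this.
Assumption: Linux, where /proc and /proc/sys/kernel/pid_max exist.
"""
import os


def pids_from_proc():
    """Low-trust view: PIDs as reported by enumerating /proc (readdir)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_signal_probe(max_pid=None):
    """Second view: ask the kernel whether each PID exists via kill(pid, 0).
    EPERM (PermissionError) still means the process exists; ESRCH
    (ProcessLookupError) means it does not."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except PermissionError:
            alive.add(pid)
        except ProcessLookupError:
            pass
    return alive


def hidden_entries(trusted_view, suspect_view):
    """Items present in the trusted view but missing from the suspect view.
    Works for any comparable items: PIDs, file names, socket tuples, ..."""
    return sorted(set(trusted_view) - set(suspect_view))


def scan():
    """Run both views against the live system and return hidden PIDs."""
    return hidden_entries(pids_from_signal_probe(), pids_from_proc())


if __name__ == "__main__":
    # Constructed sample showing the shape of a hit: PID 1337 is missing
    # from the /proc-style view.
    print(hidden_entries([1, 42, 1337, 2048], [1, 42, 2048]))  # [1337]
    if os.path.isdir("/proc"):
        print("hidden PIDs:", scan())
```

Processes that start or exit between the two collections produce one-off false positives, so a reported PID should be confirmed by a second scan before being treated as a hidden process.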
Tags: Rootkits
Disclaimer: We are an infosec video aggregator, and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Really nice demo! Concept-clear video regarding rootkits.
Thanks.
Yah, nice video :) Thanks!