Love2Sexy Graphics : MySpace, Cherry Tap, Tagged, Hi5, Friendster etc...
 
 
Rootkits - Threat Of The Future


Until now we have fought viruses, trojans, spyware and all the other bad things lurking in the depths of the internet, and that fight is still on. Every day the world faces new threats from thousands of viruses, and there are lots of companies fighting them (yes, we have an almost equal number of anti-tools!). To give this battle a new dimension, the underworld has brought a new threat and a strong weapon with it. Let me introduce the new threat (warrior, bad monster or whatever you want to call it): the rootkit.

In this technical article I'll explain what rootkits are, what types exist, what the worst case looks like and how to fix them.

What are rootkits and what is their origin?

Rootkits are programs whose function is to hide themselves from the user and from the system so that they cannot be found easily. They can be good or bad, but it is generally the bad side that wants to hide from the user. So we are not going to deal with the good side (there is hardly any) and will discuss only the bad side of rootkits.

The word "root" in rootkit comes from UNIX, where "root" is the system administrator's account. Rootkits were the sets of tools and utilities that helped "hackers" crack the password of the root account without letting the system administrator know about it.

Rootkits are quite similar to viruses, or at least their function is similar: in short, they are developed to create problems. However, the way they are deployed is different. Viruses spread faster than rootkits (as of now); however, a variant of the infamous CoolWebSearch has recently used rootkit methods to deploy itself.

What types of rootkits are there?

At this point in time there are three kinds of rootkits, and their deployment is completely different:

1. Kernel Level Rootkits: This type of rootkit adds code to the kernel of the OS (the core, the heart of the operating system) and makes the kernel believe that the rootkit doesn't exist.

2. Library Level Rootkits: This type of rootkit works higher up in the OS and generally hacks the system calls to hide its presence, usually by hooking, patching or replacing them.

3. Application Level Rootkits: This type of rootkit works on the same grounds as library level rootkits, but it acts directly on the application instead of on system calls, i.e., it patches the application or replaces it entirely with a trojanised program. That program then works in the background while you are running the application, and it becomes difficult to figure out whether the system is infected with a rootkit or not.

What is the worst case scenario?

Consider that your whole OS is fully under the control of a rootkit! Yes, that is the worst case scenario as of now. Luckily, it has only been tested by some white collar developers to keep themselves ahead of the black collar developers. It is not floating around the internet at this point in time.

This can be done by using virtual machine technology. Remember my post, the one which taught you to install Linux on the Windows platform? If not, you can read it here: How to run linux in window. The same kind of technique can be used to deploy a rootkit. The PC within the PC is called the guest OS, and the PC running the virtual PC is called the host OS. A rootkit of this type is called a Virtual Machine Based Rootkit (VMBR). A VMBR can do its damage by installing itself in whatever way, booting itself first in the boot sequence and then loading the original OS as the guest OS. This way the OS will never be able to find out that the computer is under the control of a rootkit. With a VMBR all kinds of information are in danger, because the VMBR can log all keystrokes and files and send them to its maker.

How can they be detected?

So far we've learned what rootkits are, how difficult they are to detect and how dangerous they can get. Now we will learn how to detect them. The problem is that it is rather difficult to cure a system infected with a rootkit, and most advanced computer users will suggest that you take a backup and then simply reload the whole OS. So our main task is to detect whether our system is infected with a rootkit or not. There are certain tools available, and some simple precautionary steps, which can help us stay safe from rootkits:

1. The best way of detecting a rootkit is to boot the computer from a different source, because a rootkit that is not running cannot hide its presence, so it becomes easy for an anti-virus program to detect a possible infection.

2. Blacklight: This is a program from F-Secure and it is free for personal use. It is currently in beta and is available on F-Secure's website.

3. Rootkit Revealer: This program is from Sysinternals and is one of the best-known programs for fighting rootkits. How it works is best explained on its website.

4. Another way is to prevent your computer from being infected in the first place, and the way to do that is by taking precautions! Yes, we've all heard the famous saying "prevention is better than cure", and it applies here too. You can follow these articles to try to stay safe from rootkits:
a) Great free protection for your PC!
b) Triple Protection for your PC.
c) Free way of keeping your computer safe!

Some tips that will always keep you safe: make sure you keep your computer up to date by updating the OS, and never download stuff from untrusted sites, as they are the biggest sources of spyware, viruses and possibly rootkits too!
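
The idea in detection step 1 (a rootkit that is not running cannot hide anything) can be turned into a cross-view check: list the files once from inside the running OS and once after booting from a different source, then compare the two listings. The following is an added example, not code from this article or from any of the tools named above; the function names, the manifest format and the sample file names are assumptions, and the sample data is constructed.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Walk `root` and return {lower-cased relative path: sha256 hex digest}."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def cross_view_diff(live, offline):
    """Compare the listing taken in the running OS with the offline-boot listing."""
    hidden = sorted(set(offline) - set(live))    # on disk, but invisible when live
    phantom = sorted(set(live) - set(offline))   # reported live, absent on disk
    altered = sorted(p for p in set(live) & set(offline)
                     if live[p] != offline[p])   # live view served other bytes
    return {"hidden": hidden, "phantom": phantom, "altered": altered}

def demo():
    """Constructed sample: a small disk tree and a live listing that lies about it."""
    samples = {  # constructed file names and contents
        "system32/notepad.exe": b"bytes actually stored on disk",
        "system32/drivers/disk.sys": b"ordinary driver",
        "system32/drivers/hidden_example.sys": b"driver the live view omits",
    }
    with tempfile.TemporaryDirectory() as disk:
        for rel, data in samples.items():
            path = os.path.join(disk, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        offline = build_manifest(disk)           # what the offline boot sees
    live = dict(offline)                         # what the running OS reported
    del live["system32/drivers/hidden_example.sys"]
    live["system32/notepad.exe"] = hashlib.sha256(b"clean-looking copy").hexdigest()
    return cross_view_diff(live, offline)

if __name__ == "__main__":
    print(demo())
```

Files that legitimately change between the two snapshots (logs, swap or page files) will also show up as altered, so take both listings close together and expect to filter some noise.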



