Thursday, August 25th, 2005 by Chad Stelnicki | Filed Under: Security Help

27 July 2005

Rootkits have been around for over 10 years, and were known by other names before that. A rootkit is a suite of small programs that, once it finds its way onto your system, hides its presence so well that it can be next to impossible to detect and even harder to remove. The name comes from what it needs in order to work: "root" is the all-powerful administrator account on Unix systems, and a rootkit is the kit of tools an attacker installs after gaining that level of access. With administrator privileges the rootkit can alter the operating system itself, including the kernel, to hide itself and any other programs it loads onto your system. There are two basic types of rootkits: application (user-mode) and kernel.

An application (user-mode) rootkit replaces or patches ordinary program files with bogus versions of its own. The bogus copies of the very tools you would use to look for an intruder, such as the ones that list files, processes and network connections, work normally except that they leave out anything the attacker wants hidden.

A kernel rootkit goes a level deeper and modifies the operating system's kernel itself, by loading a driver or patching kernel code, so that the system's own bookkeeping lies about what is running. Normally you can spot a malicious program by opening Task Manager, viewing your Processes, looking for a suspicious name or unexplained CPU usage, and shutting it down. With a kernel rootkit in place that information is filtered before it ever reaches Task Manager: there is no entry in your process list, no file in Program Files, and as far as your system can tell the program does not exist. Hiding is the rootkit's job; the programs it hides typically collect data from your system (keystrokes, passwords, documents) and transmit it back to the attacker. The stolen data is usually encrypted, and rather than opening a connection of its own the malware can wait and "piggyback" on programs your firewall already allows out, such as your email client or browser, so the traffic leaves unnoticed.

Rootkits are distributed in much the same way as viruses: through a known security hole in the operating system, bundled with other downloads, or by any other common infection technique. Unlike a virus, however, a rootkit does not try to spread itself. Most viruses aim to infect as many systems as possible, harvest passwords or use your machine as a spam platform. Rootkits are more about quality than quantity: the typical rootkit is not looking for another host, it wants to get its money's worth out of the one it already has under its thumb. It will continually check on itself to make sure it is still running unnoticed, and re-infect parts of the system if something has been cleaned up.

Once a rootkit is in place it can install other worms, or any other malicious code, which then run with the benefit of total concealment. This is a "blended attack" and is one of the worst scenarios you and your PC could be in. On top of everything else, this kind of infection can go on for a great length of time, far longer than a typical virus outbreak. While the rootkit is working your machine reports that nothing is wrong, and in the background unseen programs carry out their insidious duties.

Defensive preparation for rootkits has been under way quietly. Microsoft, for example, not only acknowledged the threat back in February of this year but has also bought an antivirus company and plans to include rootkit detection and removal capabilities in its products. Other protection software manufacturers (Sysinternals and F-Secure, for instance) are also starting to add rootkit detection to their product lines. The problem is that in this arena the rootkit authors have the definite upper hand, leaving the protective software manufacturers playing catch-up: a rootkit that controls the kernel can, in principle, lie to any detector that runs on the same machine.

As of now there are few options for detecting and removing rootkits. Microsoft is concerned enough about the threat that it has announced rootkit detection and removal for its Windows AntiSpyware application. The best defense is having a firewall in place, keeping your antivirus and anti-spyware software updated, and adding a rootkit detection program to the mix. If you do become compromised, the only way to be absolutely sure you are rid of the rootkit is to back up your data files (not your programs), completely reformat your hard drive and reinstall Windows from your original media; a detector that reports the machine clean is only telling you what the rootkit lets it see. No good news in that department, and as rootkits become more prevalent one can only hope that the utility software companies can stay in front of this nemesis.

There are a couple of free programs out there, most still in beta, that will scan your system for rootkits. I recommend you download one and give it a whirl, get used to it, watch for updates, and include it in the regular security check that I know all of you do a few times every month. Because these tools run on the same machine as the rootkit, a clean report is not proof of a clean system, but a report of hidden files or processes is worth taking seriously.

F-Secure BlackLight

Microsoft Strider GhostBuster Rootkit Detection Overview

Sysinternals RootkitRevealer
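The technique behind tools like these is cross-view detection: inventory the machine through the high-level Windows APIs (the view Task Manager and Explorer get, which a rootkit can filter) and again through a low-level path the rootkit usually does not control (raw directory structures on disk, the kernel's own process list), then report every entry the two views disagree on. The Python script below is an added example written for this page; it is not code from any of the tools listed, nor from Microsoft, F-Secure or Sysinternals. It simulates both views with constructed data: `hooked_enumerate` stands in for a rootkit's filtering hook, the `_hk_` marker and all file and process names are invented, and `SimulatedHost` models one temporary file that exists only briefly, to show the false positive every cross-view scanner has to rescan away.

```python
"""Cross-view rootkit detection, simulated with constructed data (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

HIDE_MARKER = "_hk_"                        # invented naming rule the fake rootkit hides by
TEMP_FILE = r"C:\Users\chad\~wrd0001.tmp"   # constructed: exists only during the first pass

# Constructed ground truth as a raw read of disk and kernel structures would
# see it; the three "_hk_" entries belong to the simulated rootkit.
RAW_FILES = {
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\drivers\_hk_driver.sys",
    r"C:\Windows\System32\_hk_config.dat",
    r"C:\Users\chad\report.doc",
}
RAW_PROCESSES = {"System", "explorer.exe", "svchost.exe", "_hk_keylogger.exe"}


def hooked_enumerate(raw: Iterable[str]) -> Set[str]:
    """Stand-in for a hooked listing API: the truth minus concealed names.
    A user-mode rootkit patches the listing calls inside each process; a
    kernel rootkit filters the system call's results. Either way, Task
    Manager and Explorer never see these entries."""
    return {name for name in raw if HIDE_MARKER not in name}


class SimulatedHost:
    """Constructed machine under test. Each file enumeration advances a clock
    and TEMP_FILE exists only on tick 1, so the first raw pass sees it and the
    API pass taken right afterwards does not: a cross-view false positive."""

    def __init__(self) -> None:
        self.clock = 0

    def _files_now(self) -> Set[str]:
        self.clock += 1
        files = set(RAW_FILES)
        if self.clock == 1:
            files.add(TEMP_FILE)
        return files

    def raw_files(self) -> Set[str]:       # low-level path: unfiltered
        return self._files_now()

    def api_files(self) -> Set[str]:       # high-level path: through the hook
        return hooked_enumerate(self._files_now())

    def raw_processes(self) -> Set[str]:
        return set(RAW_PROCESSES)

    def api_processes(self) -> Set[str]:
        return hooked_enumerate(RAW_PROCESSES)


@dataclass(frozen=True, order=True)
class Discrepancy:
    category: str   # "files" or "processes"
    kind: str       # "hidden": raw view only. "api_only": API view only.
    name: str


def cross_view_diff(category: str, raw: Set[str], api: Set[str]) -> List[Discrepancy]:
    """Core of the technique: both directions of disagreement are evidence.
    raw - api: something filtered the API result, or the object vanished
    between passes. api - raw: it appeared between passes, or the API reports
    something with no on-disk backing."""
    found = [Discrepancy(category, "hidden", n) for n in raw - api]
    found += [Discrepancy(category, "api_only", n) for n in api - raw]
    return sorted(found)


Views = Dict[str, Tuple[Callable[[], Set[str]], Callable[[], Set[str]]]]


def scan(views: Views) -> List[Discrepancy]:
    """One pass: take the raw view, then the API view, and diff per category."""
    findings: List[Discrepancy] = []
    for category, (take_raw, take_api) in views.items():
        findings.extend(cross_view_diff(category, take_raw(), take_api()))
    return sorted(findings)


def confirmed_scan(views: Views, passes: int = 3) -> List[Discrepancy]:
    """Repeat the scan and keep only discrepancies present on every pass: a
    file created or deleted mid-scan shows up once and drops out, while a
    rootkit's entries are missing from the API view every time."""
    persistent: Optional[Set[Discrepancy]] = None
    for _ in range(passes):
        current = set(scan(views))
        persistent = current if persistent is None else persistent & current
    return sorted(persistent or ())


def host_views(host: SimulatedHost) -> Views:
    return {"files": (host.raw_files, host.api_files),
            "processes": (host.raw_processes, host.api_processes)}


if __name__ == "__main__":
    noisy = scan(host_views(SimulatedHost()))            # TEMP_FILE reported as "hidden"
    solid = confirmed_scan(host_views(SimulatedHost()))  # TEMP_FILE rescanned away
    print(f"first pass: {len(noisy)} findings, confirmed: {len(solid)}")
    for d in solid:
        print(f"  {d.category:10} {d.kind:8} {d.name}")
```

The first pass reports four hidden entries, one of them the temporary file; the confirmed pass keeps only the three that belong to the simulated rootkit. On a real machine the hard part is the raw view, which has to read the disk and kernel structures without going through the same APIs the rootkit has hooked, and a kernel rootkit that also intercepts those low-level reads can still lie to a scanner running on the infected system. That is why a scan from clean boot media, or the reinstall recommended above, remains the stronger check.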

Stay safe out there.

~ Chad

Chad Stelnicki
