Wednesday, 08 February 2012
Rootkit possibilities and how to reveal them
Wednesday, 09 November 2005
One of the greatest problems for authors of malicious programs has always been that foreign code cannot stay in a system for long without being noticed by the user and, ideally, by anti-virus tools as well.

Recently, as writing malicious software has turned from a hobby into a profitable, though criminal, business, the problem of "covering tracks" has become especially pressing for hacker-businessmen. How can a program that steals banking details, or an illegal proxy server intended for sending spam, be hidden from the owner of a computer?

Modern cyber criminals solve this problem the same way "script kiddies" solved it 10-15 years ago. One of the first known PC viruses was Virus.Boot.Brain.a, a boot virus that intercepted the system functions for disk access and, when the boot sector was read (for example, by an anti-virus program), returned the original data in place of the infected data. In time the same stealth mechanisms (interception of system functions and substitution of the data they return) came to be used in Windows viruses (Virus.Win32.Cabanas.a).

In the UNIX world malicious programs have not yet become as widespread as in DOS and Windows; however, the term rootkit, which is now often used to designate the stealth technologies applied by authors of Trojan programs for Windows, came from there.

Originally the term rootkit meant a set of programs that allows a hacker to entrench himself on a cracked machine and to prevent detection. For this purpose system executable files (login, ps, ls, netstat, etc.) or system libraries (libproc.a) are replaced, or a kernel module is installed, all with the same purpose: to intercept the user's attempts to obtain true information about what is happening on his computer.
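A replaced ps can be exposed by comparing two views of the same data. The following added example (not part of the original article) lists PIDs from /proc and reports those the ps binary leaves out; the function names and the sample data are assumptions made for illustration.

```python
import os
import subprocess
import tempfile

def pids_from_proc(proc_root="/proc"):
    """PIDs the kernel exposes: the numeric directory names under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pids_from_ps(ps_output):
    """PIDs printed by `ps -e -o pid=` (one PID per line, no header)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def run_ps():
    """Ask the installed (possibly replaced) ps binary for all PIDs."""
    return subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                          text=True, check=True).stdout

def hidden_pids(proc_root="/proc", ps_output=None):
    """Return PIDs present in /proc but missing from the ps listing.

    /proc is read before and after ps runs and only PIDs seen in both
    snapshots are compared, so processes that start or exit during the
    check are not reported as hidden.
    """
    before = pids_from_proc(proc_root)
    if ps_output is None:
        ps_output = run_ps()
    after = pids_from_proc(proc_root)
    return sorted((before & after) - pids_from_ps(ps_output))

if __name__ == "__main__":
    # Constructed sample: a fake /proc tree and the output of a ps binary
    # that omits PID 666. On a real host call hidden_pids() with no arguments.
    fake_proc = tempfile.mkdtemp()
    for entry in ("1", "214", "666", "self", "cpuinfo"):
        os.mkdir(os.path.join(fake_proc, entry))
    constructed_ps = "    1\n  214\n"
    print("hidden from ps:", hidden_pids(fake_proc, constructed_ps))
    # A kernel-module rootkit can also filter /proc, so an empty result only
    # rules out a replaced ps binary; it does not clear the kernel.
```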

Recently the use of rootkit technologies to conceal the presence of malicious software has become more and more popular, as confirmed by the steady growth in the number of new rootkit programs discovered each month.

The growing popularity of rootkits is connected with the open distribution on the Internet of the source code of many rootkits, which allows any virus writer to create his own modifications without special effort. One more factor promoting the spread of rootkits is that the majority of Windows users work with administrator rights, which substantially facilitates successful installation of a rootkit on users' computers.

Invisibility to the user and undetectability by antiviruses are quite openly advertised both by virus writers and by developers of so-called "legal" spyware.

© 2004-2007 Daita.org