chapter 3

Post on 05-Jan-2016

Chapter 3

Rootkits: Sneaky, Stealthy Toolboxes

Outline

What is a Rootkit?
What are Rootkits used for?
Rock Star Rootkit: Sony's famous Malware
How Rootkits Work
Rootkit Scanners
The Simplest Rootkit Removal Technique

What is a Rootkit?

Let's say your computer looks like it is infected by a virus or by adware, but a scan doesn't reveal anything.

The explanation might be a rootkit. A rootkit is a technology that hides itself and other programs and prevents their detection.

What are Rootkits used for?

They are used to make it harder to remove the malware they hide.

Rock Star Rootkit: Sony's famous Malware

It started as DRM software, using one of two technologies: XCP or MediaMax.

It "hid" all files whose names started with $sys$.

How to tell whether you have a bad CD:

It says "Copy Protected" on the spine.
On the back it says "Compatible with" and some system specs. (See the rest on page 91.)

How Rootkits Work

Rootkits conceal the trails that lead to the virus by modifying the operating system.

Rootkit Scanners

Rootkit scanners are included in security utilities such as McAfee, Norton, F-Secure, etc.

It is best to use more than one.

Freely available:

F-Secure Blacklight
Rootkit Revealer
Microsoft Windows Malicious Software Removal Tool
Rootkit Hook Analyzer
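
An added example, not from the slides or from any of the tools listed: one common way a scanner can find files hidden this way is to compare what the operating system reports with a raw listing of the disk. The code below runs that comparison on constructed sample listings; the function names, the sample paths and the two-view approach are assumptions, and only the $sys$ prefix comes from the slides.

```python
from dataclasses import dataclass

HIDE_PREFIX = "$sys$"  # prefix the slides say the Sony rootkit hid


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def norm(path):
    """Windows paths ignore case and accept either slash; compare normalised."""
    return path.replace("/", "\\").rstrip("\\").casefold()


def cross_view_diff(api_paths, raw_paths, prefix=HIDE_PREFIX):
    """Return entries present in the raw view but absent from the API view."""
    visible = {norm(p) for p in api_paths}
    wanted = prefix.casefold()
    findings = []
    for p in sorted(raw_paths, key=norm):
        key = norm(p)
        if key in visible:
            continue  # both views agree, nothing is being hidden
        if any(part.startswith(wanted) for part in key.split("\\")):
            reason = "hidden; path component starts with " + prefix
        else:
            reason = "hidden; no known prefix"
        findings.append(Finding(p, reason))
    return findings


# Constructed sample data: a raw (on-disk) listing and what the OS API reported.
RAW_VIEW = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\$sys$example.sys",
    r"C:\Windows\System32\$SYS$cache\data.bin",
    r"C:\Users\demo\song.mp3",
    r"C:\Users\demo\odd.tmp",
]
API_VIEW = [
    "c:/windows/system32/NOTEPAD.EXE",  # same file, different case and slashes
    r"C:\Users\demo\song.mp3",
]

if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{f.path}: {f.reason}")
```

A file created between the two listings also shows up as a difference, so a finding without the known prefix should be rechecked before it is treated as hidden.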

The Simplest Rootkit Removal Technique

Use System Restore (page 99)
