chapter 3
DESCRIPTION
Rootkits: Sneaky, Stealthy Toolboxes. Chapter 3. Outline. What is a Rootkit? What are Rootkits used for? Rock Star Rootkit: Sony's famous Malware How Rootkits Work Rootkit Scanners The Simplest Rootkit Removal Technique. What is a Rootkit?. - PowerPoint PPT PresentationTRANSCRIPT
Chapter 3
Rootkits: Sneaky, Stealthy Toolboxes
Outline
What is a Rootkit? What are Rootkits used for? Rock Star Rootkit: Sony's famous Malware How Rootkits Work Rootkit Scanners The Simplest Rootkit Removal Technique
What is a Rootkit?
Let's say your computer looks like it is infected by a virus or by adware, but a scan doesn't reveal anything.
The solution might lie in a rootkit. A Rootkit is a technology which hides itself and
other programs and prevents their detection.
What are Rootkits used for?
They are used to make it harder to remove the malware they hide.
Rock Star Rootkit: Sony's famous Malware
It started as DRM software: two technologies: XCP or Mediamax
It “hid” all files whose name started with $sys$ How to tell whether you have a bad CD: It says “Copy Protected” in the Spine. On the back it says “Compatible with” and some
system specs. (see the rest on page 91)
How Rootkits Work
Rootkits conceal the trails that lead to the virus by modifying the operating system
Rootkit Scanners
Root kit scanners are included in McAfee, Norton, F-Secure, etc. security utility.
Best to use more than one Freely available:
F-Secure Blacklight Rootkit Revealer Microsoft Windows MaliciousSoftware Removal
Tool Rootkit Hook Analyzer
The Simplest Rootkit Removal Technique
Use System Restore (page 99)