

A rootkit is a stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is a result of a direct attack on a system, i.e. exploiting a known vulnerability or a password (obtained by cracking, privilege escalation, or social engineering). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Like any software, rootkits can have a good purpose or a malicious purpose. The key is the root/Administrator access: full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent the rootkit.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement or specialised equipment.

The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted "root" access. If an intruder could replace the standard administrative tools on a system with a rootkit, the intruder could obtain root access over the system whilst simultaneously concealing these activities from the legitimate system administrator. These first-generation rootkits were trivial to detect by using tools such as Tripwire that had not been compromised to access the same information. Lane Davis and Steven Dake wrote the earliest known rootkit in 1990 for Sun Microsystems' SunOS UNIX operating system. Ken Thompson of Bell Labs, one of the creators of Unix, subverted the C compiler in a Unix distribution and discussed the exploit in the lecture he gave upon receiving the Turing Award in 1983. The modified compiler would detect attempts to compile the Unix "login" command and generate altered code that would accept not only the user's correct password, but an additional password known to the attacker. Additionally, the compiler would detect attempts to compile a new version of the compiler, and would insert the same exploits into the new compiler. A review of the source code for the "login" command or the updated compiler would not reveal any malicious code. This exploit was equivalent to a rootkit.

The first documented computer virus to target the PC platform, discovered in 1986, used cloaking techniques to hide itself: the Brain virus intercepted attempts to read the boot sector and redirected these to elsewhere on the disk, where a copy of the original boot sector was kept. Over time, DOS-virus cloaking methods became more sophisticated, with advanced techniques including the hooking of low-level disk INT 13H BIOS interrupt calls to hide unauthorized modifications to files.

The first malicious rootkit for the Windows NT operating system appeared in 1999: a trojan called NTRootkit created by Greg Hoglund. It was followed by HackerDefender in 2003.
