Advice Request: What is a rootkit?


Poll: Are you afraid of rootkits?

  • Yes: 6 votes (19.4%)
  • No: 25 votes (80.6%)

Total voters: 31

Deleted member 178

Thread author
It’s not a virus. It’s not a worm and it’s not a trojan. Nor is it spyware and – despite what imagery the name might evoke – it’s definitely not a piece of agricultural machinery. So then, what exactly is a rootkit?

While being closely associated with malware, rootkits are not inherently malicious. However, their ability to manipulate a computer’s operating system and provide remote users with administrator access has – unsurprisingly – made them popular tools among cybercriminals.

Read on to learn more about what rootkits are, find out how they work and what you can do to protect your system against this long-standing cyber threat.

 

tim one

Long ago there were 32-bit rootkits that exploited the SSDT table to interface directly with the kernel, using this method: Application -> Native API -> NT Kernel.
Then the rootkit tried to find the address of the SSDT table by importing the structure of KeServiceDescriptorTable, by reading out the address of the native API and invoking it, and then having, according to the limits of the API itself, the highest privilege on the system.

Then with 64-bit technology a 32-bit rootkit has real difficulties exploiting SSDT Hooking, because MS has patched the kernel (of course it is still vulnerable :rolleyes:), and now the SSDT consists of an array of pointers.
This "protection" is bypassable thanks to a driver in which an algorithm for the analysis of KeSystemServiceStart is implemented.

The technologies may change, but the malware adapts itself to them, and the danger of the new malcodes is huge; that's why we have to implement solid security layers.
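The post above contrasts the 32-bit table of absolute pointers with the 64-bit layout, and anti-rootkit tools detect hooks in either by checking where each entry resolves. The following is an added example, not tim one's code or any real tool, that models both layouts in user mode and flags entries resolving outside the kernel image; it assumes the widely documented 64-bit encoding (a 32-bit offset from the table base, shifted left by 4), and every address in it is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Anti-rootkit style SSDT hook check, modelled in user mode. An entry is flagged
 * when the routine it resolves to lies outside the kernel image, which is how a
 * hook planted by a third-party driver shows up. All addresses are constructed. */
enum { SSDT_ABSOLUTE = 0, SSDT_RELATIVE = 1 }; /* 32-bit vs 64-bit table layout */

typedef struct {
    uint64_t table_base;    /* address of the service table itself (64-bit layout) */
    const int64_t *entries; /* raw entries, widened so one model serves both layouts */
    size_t count;
    int layout;
} ssdt_model_t;

/* Resolve entry i. 32-bit tables hold absolute pointers. 64-bit tables hold a
 * 32-bit offset from the table base, stored shifted left by 4 with the argument
 * count in the low bits; floor division reproduces the arithmetic >> 4 portably. */
uint64_t ssdt_resolve(const ssdt_model_t *t, size_t i) {
    if (t->layout == SSDT_ABSOLUTE)
        return (uint64_t)t->entries[i];
    int32_t raw = (int32_t)t->entries[i];
    int64_t off = raw / 16;
    if (raw < 0 && raw % 16 != 0) off--;
    return t->table_base + (uint64_t)off;
}

/* Flag entries resolving outside [img_base, img_base + img_size). Returns the
 * number flagged; up to max_flagged indices are written to flagged (may be NULL). */
size_t ssdt_find_hooks(const ssdt_model_t *t, uint64_t img_base, uint64_t img_size,
                       size_t *flagged, size_t max_flagged) {
    size_t n = 0;
    for (size_t i = 0; i < t->count; i++) {
        uint64_t a = ssdt_resolve(t, i);
        if (a < img_base || a >= img_base + img_size) {
            if (n < max_flagged) flagged[n] = i;
            n++;
        }
    }
    return n;
}

/* Constructed tables: entry 2 in each points into a "third-party driver". */
static const int64_t x86_entries[] = {0x80401000, 0x80450000, 0xF7A10000, 0x80460000};
static const int64_t x64_entries[] = {0x123400, 0xA00004, 0x26000002, -0x3EDCBFD};
const ssdt_model_t x86_tbl = {0, x86_entries, 4, SSDT_ABSOLUTE};
const ssdt_model_t x64_tbl = {0xFFFFF80001400000ULL, x64_entries, 4, SSDT_RELATIVE};

int main(void) {
    size_t idx[8];
    size_t n = ssdt_find_hooks(&x86_tbl, 0x80400000ULL, 0x200000ULL, idx, 8);
    printf("x86 table: %zu hooked, first index %zu\n", n, idx[0]);
    n = ssdt_find_hooks(&x64_tbl, 0xFFFFF80001000000ULL, 0x600000ULL, idx, 8);
    printf("x64 table: %zu hooked, first index %zu\n", n, idx[0]);
    return 0;
}
```

A real tool must also compare against the on-disk kernel image, since a hook can be placed inside ntoskrnl's range by patching the routine itself.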
 

Deleted member 65228

Thread author
Sony should have just tried to locate who was responsible for pirating their content and sue them for every penny they had. Their rootkit worked for a while but it didn't last long because SysInternals caught them out while testing out a new creation they were working on at the time - after that it was game over.

Back then during those times, things were a lot different. I would say what they did was morally wrong and ethically bad, but during those times? Maybe I wouldn't have thought this, because there was less research and fewer laws about how things work, etc. They learnt from their mistakes though and they haven't done a repeat, which is good news.
 

Iapepe

Rootkit Definition (Kaspersky)

Rootkit is a term applied to a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer. The malware typically will be hidden deep within the operating system and will be designed to evade detection by anti-malware applications and other security tools. The rootkit may contain any number of malicious tools, such as a keystroke logger, a password stealer, a module for stealing credit card or online banking information, a bot for DDoS attacks or functionality that can disable security software. Rootkits typically act as a backdoor that gives the attacker the ability to connect remotely to the infected machine whenever he chooses and remove or install specific components. Some examples of Windows-based rootkits in active use today include TDSS, ZeroAccess, Alureon and Necurs.

 
