Please provide comments and solutions that are helpful to the author of this topic.
- Nov 5, 2011
- 5,855
Long ago there were 32-bit rootkits that exploited the SSDT table to interface directly with the kernel, using this method: Application -> Native API -> NT Kernel.
Then the rootkit tried to find the address of the SSDT table by importing the structure of KeServiceDescriptorTable, by reading out the address of the native API and invoking it, and then having, according to the limits of the API itself, the highest privilege on the system.
Then with 64-bit technology a 32-bit rootkit has real difficulties exploiting SSDT Hooking, because MS has patched the kernel (of course it is still vulnerable
), and now the SSDT consists of an array of pointers.
This "protection" is bypassable thanks to a driver where it is implemented an algorithm for the analysis of KeSystemServiceStart.
The technologies may change, but the malware adapts itself to them, and the danger of the new malcodes is huge, that's why we have to implement solid security layers.
Then the rootkit tried to find the address of the SSDT table by importing the structure of KeServiceDescriptorTable, by reading out the address of the native API and invoking it, and then having, according to the limits of the API itself, the highest privilege on the system.
Then with 64-bit technology a 32-bit rootkit has real difficulties exploiting SSDT Hooking, because MS has patched the kernel (of course it is still vulnerable
), and now the SSDT consists of an array of pointers.This "protection" is bypassable thanks to a driver where it is implemented an algorithm for the analysis of KeSystemServiceStart.
The technologies may change, but the malware adapts itself to them, and the danger of the new malcodes is huge, that's why we have to implement solid security layers.
- May 16, 2017
- 198
Or Sony: Sony BMG copy protection rootkit scandal - WikipediaIt's McAfee.
Sony should have just tried to locate who was responsible for pirating their content and sue them for every penny they had. Their rootkit worked for awhile but it didn't last long because SysInternals caught them out while testing out a new creation they were working on at the time - after that it was game over.
Back then during those times, things were a lot different. I would say what they did was morally wrong and ethically bad, but during those times? Maybe I wouldn't have thought this, because there was less research and less laws about how things work, etc. They learnt from their mistakes though and they haven't done a repeat which is good news.
Rootkit Definition (Kaspersky)
Rootkit is a term applied to a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer. The malware typically will be hidden deep within the operating system and will be designed to evade detection by anti-malware applications and other security tools. The rootkit may contain any number of malicious tools, such as a keystroke logger, a password stealer, a module for stealing credit card or online banking information, a bot for DDoS attacks or functionality that can disable security software. Rootkits typically act as a backdoor that gives the attacker the ability to connect remotely to the infected machine whenever he chooses and remove or install specific components. Some examples of Windows-based rootkits in active use today include TDSS, ZeroAccess, Alureon and Necurs.
What is a Rootkit?
Rootkit is a term applied to a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer. The malware typically will be hidden deep within the operating system and will be designed to evade detection by anti-malware applications and other security tools. The rootkit may contain any number of malicious tools, such as a keystroke logger, a password stealer, a module for stealing credit card or online banking information, a bot for DDoS attacks or functionality that can disable security software. Rootkits typically act as a backdoor that gives the attacker the ability to connect remotely to the infected machine whenever he chooses and remove or install specific components. Some examples of Windows-based rootkits in active use today include TDSS, ZeroAccess, Alureon and Necurs.
What is a Rootkit?
- Mar 1, 2014
- 1,708
I voted "Yes."
Of course, I'm afraid of rootkits. They're nasty pieces of malware.
But, with my lappy's current security setup, am I worried about being infected by it? No.
Of course, I'm afraid of rootkits. They're nasty pieces of malware.
But, with my lappy's current security setup, am I worried about being infected by it? No.
- Jul 5, 2016
- 416
I still have a Neil Diamond with that rootkit on. I bought the cd just because of that. thought it would be a collectors item.
Do you remember the Norton recycle rootkit like bin? https://www.scmagazine.com/symantec-owns-up-to-rootkit/article/551127/
Do you remember the Norton recycle rootkit like bin? https://www.scmagazine.com/symantec-owns-up-to-rootkit/article/551127/
