General
Páginas: 3 (688 palabras)
Publicado: 22 de octubre de 2012
ROOTKITS:
Rootkit is a set of tools frequently used by computer hackers or crackers to gain access to a computer system illegally. These tools are used to hide processes and files that allow theintruder maintain access to the system, often with malicious intent. There are rootkits for a wide variety of operating systems like Linux, Solaris or Microsoft Windows. For example, the rootkit canhide an application to launch a console whenever the attacker logs into the system through a port. The kernel or kernel rootkits may contain similar features.
A backdoor may also allow the processeslaunched by a user without administrator privileges to run some features reserved only to the superuser. All kinds of useful tools to obtain information illegally can be hidden by rootkits.
They tryto cover up for other processes that are carrying out malicious actions on the system. For example, if the system has a back door to carry out espionage, the rootkit will hide open ports that exposethe communication, or if there is a system to send spam, hide the activity of the mail system.
Rootkits, being designed to go unnoticed, can not be detected. If a user attempts to analyze the systemto see what processes are running, the rootkit will display false information, showing all processes except himself and those who are hiding.
Or if you try to view a list of files in a system, therootkit will display that information but concealing the very existence of the rootkit file and process hiding.
When the virus made a call to the operating system to check which files are, or whentrying to determine which processes are running, the rootkit will distort the data and the antivirus can not receive the right information to carry out disinfection system.
You need a system tomonitor not only the activity of the files on disk, but beyond. Instead of analyzing the files byte by byte, should be monitored as they do when running.
A rootkit needs to perform some tasks that...
Rootkit is a set of tools frequently used by computer hackers or crackers to gain access to a computer system illegally. These tools are used to hide processes and files that allow theintruder maintain access to the system, often with malicious intent. There are rootkits for a wide variety of operating systems like Linux, Solaris or Microsoft Windows. For example, the rootkit canhide an application to launch a console whenever the attacker logs into the system through a port. The kernel or kernel rootkits may contain similar features.
A backdoor may also allow the processeslaunched by a user without administrator privileges to run some features reserved only to the superuser. All kinds of useful tools to obtain information illegally can be hidden by rootkits.
They tryto cover up for other processes that are carrying out malicious actions on the system. For example, if the system has a back door to carry out espionage, the rootkit will hide open ports that exposethe communication, or if there is a system to send spam, hide the activity of the mail system.
Rootkits, being designed to go unnoticed, can not be detected. If a user attempts to analyze the systemto see what processes are running, the rootkit will display false information, showing all processes except himself and those who are hiding.
Or if you try to view a list of files in a system, therootkit will display that information but concealing the very existence of the rootkit file and process hiding.
When the virus made a call to the operating system to check which files are, or whentrying to determine which processes are running, the rootkit will distort the data and the antivirus can not receive the right information to carry out disinfection system.
You need a system tomonitor not only the activity of the files on disk, but beyond. Instead of analyzing the files byte by byte, should be monitored as they do when running.
A rootkit needs to perform some tasks that...
Leer documento completo
Regístrate para leer el documento completo.