A rootkit is a program or set of programs that allows an intruder to gain
administrator-level access to a computer system. A rootkit alters the execution
flow of the operating system or manipulates the data set that the operating
system relies upon for auditing and bookkeeping.
A rootkit can act as a hidden program running in the system that cannot be
detected by usual methods. Rootkits adopt various means to hide from normal
surveillance.
According to Wikipedia, there are at least five kinds of rootkits: firmware,
virtualized, kernel, library and application level kits.
A firmware rootkit uses device or platform firmware to create a persistent
malware image.
Virtualized rootkits work by modifying the boot sequence of the
machine to load themselves instead of the original operating system. Once
loaded into memory, a virtualized rootkit then loads the original operating
system as a virtual machine, thereby enabling the rootkit to intercept all
hardware calls made by the guest OS.
Kernel level rootkits add code to and/or replace portions of an operating
system, including both the kernel and associated device drivers. They can be
difficult to detect because they operate at the same level as the operating
system, so they can modify or subvert any request made by the software on the
running system.
Library rootkits commonly patch, hook, or replace system calls with versions
that hide information about the attacker.
Application level rootkits may
replace regular application binaries with trojanized fakes, or they may modify
the behavior of existing applications using hooks, patches, injected code, or
other means.
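One way a defender checks for the process hiding described above is a cross-view comparison: take the process list the normal view shows (the numeric entries in /proc) and compare it with what the kernel itself answers for when every possible PID is probed with kill(pid, 0). A library rootkit that hooks readdir can remove entries from the first view but not from the second. The Python below is an added example, not code from the original page; the function names and the 32768 fallback for pid_max are assumptions.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs the normal view shows: numeric directory names under /proc."""
    return {int(d) for d in os.listdir(proc) if d.isdigit()}

def probed_pids(max_pid):
    """PIDs the kernel still answers for. kill(pid, 0) sends no signal;
    ESRCH means no such process, EPERM means it exists but is not ours."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive

def is_thread(pid, proc="/proc"):
    """Thread IDs also answer kill(). Read /proc/<pid>/status directly
    (a readdir hook cannot hide a path we open by name); if Tgid differs
    from pid this is a thread of another process, not a hidden process."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False
    return False

def hidden_pids(listed, probed, thread_check=lambda pid: False):
    """Cross-view diff: alive to the kernel but absent from the listing."""
    return sorted(p for p in probed - listed if not thread_check(p))

def read_pid_max(path="/proc/sys/kernel/pid_max", fallback=32768):
    try:
        with open(path) as f:
            return int(f.read())
    except OSError:
        return fallback  # assumed default when the sysctl is unreadable

if __name__ == "__main__":
    if os.path.isdir("/proc"):
        found = hidden_pids(listed_pids(), probed_pids(read_pid_max()), is_thread)
        print("hidden PIDs:", found or "none")
```

A rootkit that also hooks the kill() path (kernel level) will evade this check, so treat an empty result as one view agreeing, not as a clean bill of health.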
Our Research and Development team continually works on developing new
techniques for tackling the latest threats from upcoming rootkits.