Written by Michael Rauch
Wednesday, 29 July 2009 00:00

Rootkits: The Hacker's Tool of Deceit
Botnets burst into notoriety over the past couple of years with the discovery of a Trojan named Peacomm and nicknamed Storm by the research community. The Trojan was nicknamed Storm because of a common theme in the subject header of the e-mail that delivers it: "230 dead as storm batters Europe" (Hidalgo, 2007). Why is there so much concern over a simple e-mail? The e-mail itself is not the concern; it is the delivery mechanism for the threat, a Trojan that installs a rootkit and thereby joins the computer to a botnet. Botnets, however, exist in relative obscurity because the vast majority of computer users do not know what botnets are or the threat they pose. This article explores the relationships between rootkits, zombies, Trojans, and botnets: what they are and why they pose a threat. Prevention, detection, and removal techniques will be explored along with legislation designed to protect the computing community.

Defining Rootkits
The term rootkit is derived from the UNIX operating system, in which root is either the highest access privilege or the top directory level, depending on the context of use. When used in the context of a rootkit, root refers to the highest level of access to the system. In layman's terms, a rootkit is a module injected into an operating system by a third party to take over specific tasks of the operating system; it is not necessarily malicious in nature. The threat that rootkits pose is determined by the intentions of the hackers who use them. There are two basic types of rootkits: persistent and non-persistent. The difference between the two is that persistent rootkits have the ability to load and run again following a system reboot, whereas non-persistent rootkits survive only until the next reboot. For the discussion of the threat of botnets, rootkits are assumed to be of the persistent type.

Last Updated on Thursday, 27 August 2009 01:45