Home Rootkits Well Known Rootkits
Written by Michael Rauch   
Thursday, 30 July 2009 02:21

 

Well Known Rootkits

Some well-known rootkits frequently turn up on infected machines. As stated earlier, rootkits do not gain entry to a system but permit re-entry to an infected system. Examining the functions of some of the well-known rootkits sheds light on how they help the intruder accomplish the notorious purpose for the intrusion. These rootkits are listed here along with brief descriptions of their functions:

  • Hidden32 -- hides applications (Schiller, 2007)
  • HideUserv2 adds an invisible user to the administrative group (Schiller, 2007)
  • HideWindow hides instances of the Microsoft IRC client (Bacher, Holz, Ketter, and Wichershi, 2005)
  • FU hides processes (Dawada, 2006)
  • Hacker defender in some newer versions will render some anti-virus and rootkit applications ineffective (Dawada, 2006)
  • Sony BMG DRM introduced by Sony corporation as a form of copy-protection for CDs (Dawada, 2006)
  • Apropos Spyware prevents un-installation or removal of payload packages (Dawada, 2006)

Rootkits are used by hackers to mask the presence of payload modules they install, add invisible users with root or administrative privileges, and disable the effectiveness of antivirus and rootkit detection tools. This kind of power enables the hacker to regain access to an infected system and perform any desired actions.



<<  Prev   

References


Bacher, P., Holz, T., Kotter, M., and Wicherski, G. (2005). Know
     your enemy: Tracking botnets. Using honeynets to learn more
     about bots. The Honeynet Project & Research Alliance.
     Retrieved May 1, 2008 from
     http://www.honeynet.org/papers/bots/.


Dawada, K., (2006). The rootkit and botnet menace. Network
     Magazine. Retrieved April 28, 2008 from
     http://www.networkmagazineindia.com/200601/techscope200607.shtml.


Hidalgo, A. (2007). Trojan.Peacomm: Building a peer-to-peer
     botnet. Symantec. Retrieved April 22, 2008 from
     https://forums.symantec.com/syment/blog/article?message.uid=305096.


Schiller, C. (2007). Botnets. Network and Systems
     Professionals Association. Available from
     http://www.naspa.com/.

blog comments powered by Disqus
back to top
Last Updated on Thursday, 27 August 2009 01:44
 

Login Form



Copyright © Michael J Rauch 2009; all rights reserved