A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and to enable continued privileged access to a computer. The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool). The term “rootkit” has negative connotations through its association with malware.

The key is root or Administrator access. Obtaining this access is the result of a direct attack on a system, i.e., exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering). Rootkit installation can be automated, or an attacker can install it once they have obtained root or Administrator access. Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent the rootkit.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis.
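As an added example, not part of the original post, here is what “difference scanning” (also called cross-view detection) looks like for one concrete fact: the set of running processes. The same fact is collected through two different code paths, a directory listing of procfs and a direct probe of every candidate PID, and any PID the probe can see but the listing does not report is a discrepancy worth investigating. The example assumes a Linux system with procfs mounted at /proc; the function names (`listing_view`, `probe_view`, `cross_view_diff`, `find_hidden_pids`) are this example's own and do not come from any existing tool.

```python
"""Cross-view (difference-based) detection of hidden processes.

Added example, not from the original post.  Assumes Linux procfs at /proc.
A user-mode rootkit that filters directory listings (for example by hooking
readdir() via LD_PRELOAD) hides PIDs from the first view, but a per-PID stat()
does not go through readdir(), so the second view still sees them.
"""
import os
from typing import Optional, Set

PROC_ROOT = "/proc"  # assumption: a Linux procfs mount


def _pid_exists(proc_root: str, pid: int) -> bool:
    """Does /proc/<pid> exist?  Treat 'exists but unreadable' as existing."""
    try:
        os.stat(os.path.join(proc_root, str(pid)))
    except FileNotFoundError:
        return False
    except PermissionError:
        return True
    return True


def listing_view(proc_root: str = PROC_ROOT) -> Set[int]:
    """High-level view: PIDs as reported by a directory listing of procfs.

    This is what ps, top and most monitoring agents ultimately consume, and
    it is the view a user-mode rootkit typically filters.
    """
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def probe_view(proc_root: str = PROC_ROOT, max_pid: Optional[int] = None) -> Set[int]:
    """Low-level view: ask about every candidate PID individually.

    A kernel-mode rootkit that also hooks the lookup path would defeat this,
    which is why scanning from a separate, trusted operating system is listed
    as its own detection method.
    """
    if max_pid is None:
        try:
            with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as fh:
                max_pid = int(fh.read().strip())
        except (OSError, ValueError):
            max_pid = 32768  # historical Linux default when pid_max is unreadable
    return {pid for pid in range(1, max_pid + 1) if _pid_exists(proc_root, pid)}


def cross_view_diff(low_level: Set[int], high_level: Set[int]) -> Set[int]:
    """Entries the direct probe can see but the listing does not report.

    Discrepancies are the detection signal.  The reverse set (listed but not
    probed) is normally just processes that exited between the two views.
    """
    return set(low_level) - set(high_level)


def find_hidden_pids(proc_root: str = PROC_ROOT) -> Set[int]:
    """Gather both views and re-confirm each discrepancy to suppress races.

    A short-lived process that started after the listing and exited before
    the probe finished would otherwise look hidden.  Requiring that a
    candidate still exists and is still absent from a fresh listing removes
    that noise; a real rootkit hides the PID every time.
    """
    listed_before = listing_view(proc_root)
    probed = probe_view(proc_root)
    listed_after = listing_view(proc_root)
    candidates = cross_view_diff(probed, listed_before | listed_after)
    confirmed: Set[int] = set()
    for pid in candidates:
        if _pid_exists(proc_root, pid) and pid not in listing_view(proc_root):
            confirmed.add(pid)
    return confirmed


if __name__ == "__main__":
    if not os.path.isdir(PROC_ROOT):
        print("no procfs here; only the comparison logic applies on this OS")
    else:
        hidden = find_hidden_pids()
        print("hidden PIDs:", sorted(hidden) or "none")
```

Run it as root so that every /proc/<pid> is stat-able; on a kernel with a large pid_max the probe takes a few seconds because it issues one stat() per candidate PID. An empty result only says that nothing is filtering the procfs listing, not that the machine is clean: a kernel-mode rootkit that hooks the lookup path will lie consistently to both views, which is exactly the case the other detection methods (trusted external OS, memory dump analysis) exist for.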