Nozey has published a very interesting article on Viva o Linux about rootkits and how to detect them on Linux systems: "Procurando rootkits no seu sistema" (Looking for rootkits on your system). Ubuntu 8.04 users only need to open Synaptic, search for the packages "rkhunter" and "chkrootkit" and mark them for installation. After that, just follow Nozey's tips to run a check on your Linux system.
A rootkit is nothing but a set of dangerous backdoor programs, freely available on the Internet, that can get you into trouble by giving a hacker unauthorized administrator/root access without your knowledge. Read more about rootkits on the wiki. Rootkits can technically be classified as persistent, kernel-mode, memory-based and user-mode, having [...]
Security researchers have developed a new type of malicious rootkit that hides itself in an obscure part of a computer's microprocessor. Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what's happening in a computer's memory.
On the heels of an EUSecWest conference presentation on malicious rootkits for Cisco IOS (see background), Cisco's security response team has published a must-read document confirming that stealthy malware can be loaded onto the software used on the vast majority of its routers and network switches. Cisco warns: it is possible that an attacker could insert malicious code into Cisco IOS software.
The website AV-Test.org has run a series of tests on products from various antivirus vendors to measure their detection of rootkit programs, but apparently the results have been far from encouraging.
Vista's UAC has a security feature that marks it out from any other type of Windows security program: it can spot rootkits before they install. This is one finding buried in a report published in two German computer magazines some months ago after testing by the respected AV-Test.org, which set out to find out how well antivirus programs fared against known rootkits.
Love or hate its nagging prompts, Vista's User Account Control (UAC) has a security feature that marks it out from any other type of Windows security programme: it can spot rootkits before they install. This is one finding buried in a report published in two German computer magazines some months ago after testing [...]
Rootkits are a threat to our security and privacy that has been talked about a great deal, especially since Sony had the idea of shipping one on its audio CDs. But how exactly does a rootkit work? Is it true that they cannot be removed from a computer? Why are they dangerous? Below we try to unravel the mystery.
Hiding under the radar
Security researchers have discovered a new technique for developing rootkits, malicious packages used to hide the presence of malware on compromised systems.…
Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, out of sight of current antivirus products. Called an SMM (System Management Mode) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what's happening in a computer's memory. The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information from a victim's computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting. The proof-of-concept software will be demonstrated publicly for the first time at the
In this age of malicious programs there are many different threats that can compromise the security of your VPS or dedicated server and leave the information you host in your dedicated environment open to abuse; this means you should always take pride in the security of your VPS or [...]
Ah, I remember some of the nastiest viruses back in the day attaching themselves to the MBR (Master Boot Record), rendering most anti-virus software useless (as it sits on top of the OS). Now it seems MBR infection is back in fashion for a new age of rootkits. Security mavens have uncovered a new class of attacks that attach malware to the bowels of a hard drive, making it extremely hard to
While it is possible to hide spyware or a virus in a way that will fool even the traditional antivirus/antispyware products, some malware programs are already using so-called rootkits to hide deep inside your PC!
Rootkits for Windows work in a different way and are typically used to hide malicious software from ...
...They are now an emerging type of "SuperSpyware" which hides itself effectively and affects the operating system kernel directly...
It is very fashionable these days to refer to rootkits as a threat of huge proportions to your peaceful computer, but let's be honest: do you know what a rootkit is?
Rootkit definitions (by Rodrigo Camarão)
Rootkits are programs used to hide from the system administrator what is really going on. In other words, rootkits are not programs that seek to obtain privileges and/or exploit vulnerabilities in systems; their purpose is mostly to conceal system processes and files modified by the attacker. These capabilities make this artifact a powerful post-intrusion tool on computer systems.
In their early days rootkits were used to hide attacks on machines running the most varied flavours of Unix. The rootkits of that era, and we are talking about 1992 to 1994, replaced basic commands such as ls, find, login, cat, etc. Besides replacing commands, the rootkits removed the entries in the wtmp, utmp and lastl
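The two checks that rkhunter and chkrootkit (the tools recommended in the Viva o Linux item above) run against exactly this kind of user-mode rootkit are easy to write out in plain Python. This is an added example, not code from rkhunter, chkrootkit, the Viva o Linux article or Rodrigo Camarão's text: a file-property baseline that catches a replaced ls, find or login, and a kill()/proc cross-check that catches a process hidden by a hooked directory listing. The temp-directory scenario in demo(), the 65536 PID cap and the status labels are my own assumptions.

```python
# Added example (not code from rkhunter, chkrootkit or the article): the two
# classic checks against a user-mode rootkit that replaces system binaries and
# hides processes. Linux is assumed for the /proc cross-check.
import errno
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record hash, size and mode of each trusted binary while the host is known clean.
    Keep the result off-box or on read-only media: a rootkit that can replace
    /bin/ls can just as easily rewrite a baseline stored on the same filesystem."""
    baseline = {}
    for path in paths:
        stat = os.stat(path)
        baseline[path] = {"sha256": sha256_file(path),
                          "size": stat.st_size, "mode": stat.st_mode}
    return baseline


def verify_baseline(baseline):
    """Compare the live files against the baseline. Returns {path: status}."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        stat = os.stat(path)
        if sha256_file(path) != expected["sha256"]:
            findings[path] = "modified"
        elif stat.st_mode != expected["mode"]:
            findings[path] = "mode-changed"   # e.g. a newly added setuid bit
        else:
            findings[path] = "ok"
    return findings


def pid_alive(pid):
    """True if a process with this PID exists (EPERM means it exists but is not ours)."""
    try:
        os.kill(pid, 0)
        return True
    except OSError as err:
        return err.errno == errno.EPERM


def hidden_pids(max_pid=65536):
    """Cross-check the kernel's view of processes against /proc.
    A rootkit that hooks readdir() to hide its process from ps cannot stop
    kill(pid, 0) from answering for that PID, so a PID that is alive according
    to kill() but has no /proc/<pid> entry is suspicious (the max_pid cap is an
    assumption; read /proc/sys/kernel/pid_max for a full sweep)."""
    suspicious = []
    for pid in range(1, max_pid + 1):
        if not pid_alive(pid):
            continue
        if os.path.exists("/proc/%d" % pid):
            continue
        # Re-probe to rule out a process that simply exited between the two checks.
        if pid_alive(pid):
            suspicious.append(pid)
    return suspicious


def demo():
    """Constructed scenario: three fake 'binaries' in a temp dir, one replaced
    by a trojaned copy and one deleted after the baseline was taken."""
    workdir = tempfile.mkdtemp(prefix="rk-demo-")
    fake = {}
    for name in ("ls", "find", "login"):
        fake[name] = os.path.join(workdir, name)
        with open(fake[name], "wb") as handle:
            handle.write(b"#!/bin/sh\necho clean " + name.encode() + b"\n")
        os.chmod(fake[name], 0o755)
    baseline = build_baseline(fake.values())
    with open(fake["ls"], "wb") as handle:   # trojaned ls that filters a name out
        handle.write(b"#!/bin/sh\n/bin/ls \"$@\" | grep -v attacker\n")
    os.remove(fake["login"])                  # binary removed altogether
    findings = verify_baseline(baseline)
    return {os.path.basename(p): status for p, status in findings.items()}


if __name__ == "__main__":
    print(demo())
    print("PIDs alive but absent from /proc:", hidden_pids())
```

Both checks only tell you what a user-mode rootkit can still not hide; a kernel-mode rootkit that hooks the system-call table answers kill() and stat() with the same lies, which is why the tools mentioned above also compare results from outside the running system where they can.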
What are rootkits? There are many explanations, but what I need to say is that they are more troublesome than any virus or Trojan! Why? Because they are not detected by any antivirus software (some AVs like NOD32 are able to detect a few of them) and they cause major damage to your computer. My computer has been infected twice and [...]
Mark Russinovich, the guy who discovered the Sony rootkit, did a little digging into why he believes a couple of popular virtual CD applications use rootkits. Alcohol and Daemon Tools both use rootkit techniques to trick DRM into thinking a virtual drive is a real one.
From the blog:
CD burning and emulation software companies owe a significant amount of their sales to customers who want to store games on their hard drives. The legitimate claim for doing this is that it enables fast, cached access to the game, though it is well known that this is also used to make illegal copies of games to share with friends, so content-protected CDs and DVDs present a challenge the companies can't ignore. One way to deal with the problem is to re-engineer the software that interprets the data stored on the media, but that approach requires enormous and ongoing resources dedicated to deciphering changes and enhancements made to the encoding schemes.
An easier approach is to fool the game's DRM software
Today the Rootkit Unhooker website gives us a piece of news that, to be honest, we already anticipated. Rootkits on Vista, yes gentlemen, just as you hear it: the most secure system according to its creators (haha, sure) has fallen into the hands of these Russians, and I don't think it will be long before RKU works on Vista, so there is nothing left for us but to wait a little.

21 April 2007, 7:30 MSK
Rootkit Unhooker VX announcement
Rootkit Unhooker will work on the win32 x86 Vista Release Version
The test rootkits have been ported to Vista :)
Latest build of GMER v1.012 is fucked up =) "soviet style" boy from Poland should better test his crap for compatibility

No translation required. We will have to see: if the test rootkits have been ported to Vista, the real rootkits surely will be too, or already are, on Windows Vista.

Regards,
Mixelandia
Security experts now believe that trojan, spam and malware protection software cannot adequately prevent system compromise by increasingly sophisticated rootkits. Rootkits are used to conceal the presence of trojans, hacker backdoors and botnets by cloaking their files and processes, modifying the output of common operating system routines. They grant administrator access to [...]