Transcript Chapter 3
Chapter 3
Rootkits: Sneaky, Stealthy Toolboxes
Outline
What is a Rootkit?
What are Rootkits used for?
Rock Star Rootkit: Sony's famous Malware
How Rootkits Work
Rootkit Scanners
The Simplest Rootkit Removal Technique
What is a Rootkit?
Let's say your computer looks like it is infected
by a virus or by adware, but a scan doesn't
reveal anything.
The explanation might be a rootkit.
A Rootkit is a technology which hides itself and
other programs and prevents their detection.
What are Rootkits used for?
They are used to make it harder to remove the
malware they hide.
Rock Star Rootkit: Sony's famous Malware
It started as DRM software, built on one of two technologies:
XCP or MediaMax
It “hid” all files whose name started with $sys$
How to tell whether you have a bad CD:
It says “Copy Protected” in the Spine.
On the back it says “Compatible with” and some
system specs.
(see the rest on page 91)
How Rootkits Work
Rootkits conceal the trails that lead to the virus
by modifying the operating system
Rootkit Scanners
Rootkit scanners are included in the security suites from
McAfee, Norton, F-Secure, etc.
Best to use more than one
Freely available:
F-Secure Blacklight
Rootkit Revealer
Microsoft Windows Malicious Software Removal Tool
Rootkit Hook Analyzer
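An added example, not part of the original slides: it simulates the two ideas above in miniature, a rootkit hiding every file whose name starts with $sys$ by filtering the directory listing the operating system hands back, and a scanner catching it the way cross-view tools such as Rootkit Revealer do, by comparing the listing normal programs see with the raw contents of the same directory. The file names are constructed for the demonstration.

```python
# Teaching simulation (not code from the slides or from any real scanner).
from typing import Iterable, List, Set

# Prefix the Sony XCP rootkit concealed, as stated in the slides.
HIDDEN_PREFIX = "$sys$"


def filtered_listing(true_listing: Iterable[str], prefix: str = HIDDEN_PREFIX) -> List[str]:
    """The 'hooked' view: what ordinary programs see once the rootkit
    intercepts the directory-listing API and drops the entries it hides."""
    return [name for name in true_listing if not name.startswith(prefix)]


def cross_view_diff(api_view: Iterable[str], raw_view: Iterable[str]) -> Set[str]:
    """Scanner logic: any entry present in the raw (low-level) view but
    missing from the API (high-level) view has been hidden from programs."""
    return set(raw_view) - set(api_view)


def scan_directory(raw_entries: Iterable[str]) -> Set[str]:
    """Run the simulated hooked view over the raw view and report the
    names that the rootkit concealed."""
    raw = list(raw_entries)
    return cross_view_diff(filtered_listing(raw), raw)


# Constructed sample directory (hypothetical names, not real XCP files).
RAW_DIRECTORY = [
    "notepad.exe",
    "$sys$example.sys",   # hidden: starts with the prefix
    "readme.txt",
    "$sys$driver.dat",    # hidden: starts with the prefix
    "my$sys$notes.txt",   # visible: prefix is not at the start
]

if __name__ == "__main__":
    for name in sorted(scan_directory(RAW_DIRECTORY)):
        print("hidden from normal programs:", name)
```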
The Simplest Rootkit Removal Technique
Use System Restore (page 99)