|
Source: SearchSecurity - Posted by Pax Dickinson
|
Pretend you're a hacker. You just found a system that is no match for your 'leet skillz' and gained root access. Now what? Sooner or later, the system administrator is going to notice his box is 'owned' and you'll be kicked out after the system is patched. That's why you install a rootkit.
A rootkit is software attackers install on systems in order to cover up traces of their presence. Most rootkits also include other advanced tools, such as tools to help the attacker build back doors to insure continued access to the compromised system. For example, a rootkit may intercept login requests and grant cloaked access to the attacker via a special user ID and password. It is not unusual to find keystroke loggers, packet sniffers and other exploit code in rootkits.
Rootkits help attackers hide their presence by hiding or removing traces of login records, log entries and processes related to their activities. Some rootkits accomplish this task by replacing the binaries for system administration commands with modified versions designed to ignore attacker activity. For example, on a Unix or Linux system, the rootkit may replace the 'ls' command with one that does not list files located in certain directories. Or it may replace the 'ps' command, which lists the processes running on the system, with one that conveniently ignores processes started by the attacker. The programs responsible for logging activities are similarly modified to help the attacker stay inconspicuous. Therefore, when the system administrator looks at the system, everything looks normal, despite the fact that it has been subverted.
Read this full article at SearchSecurity
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
