RootKit: Digital Voodoo

Posted by mps.ix.00.0109 Document | 12:04 PM

The rootkit was first introduced on the SunOS operating system by Lane Davis and Steven Dake. The technique was used by root on Unix (the equivalent of the system administrator on Windows) to recover (restore) a forgotten root password. Restoring the root password is not easy, because it requires authorization and unrestricted access to the system. A special technique was eventually devised that could do this, and it later became known as the rootkit.

The term rootkit became widely known after a world-class music company applied it to protect its music CDs from piracy. The case grew into a major scandal because, although the goal was to prevent piracy, the technique also allowed malicious applications to ride along on the rootkit the music company had planted.


Rootkit techniques are prone to being used for malicious purposes. If you recall, viruses such as Alman or Bacalid use rootkit techniques, which makes them hard to detect. Their removal could not be completed 100% because the malware used rootkit technology to stay resident and evade detection. It runs invisibly and silently, and carries out attacks you never notice. No wonder so many people regard the rootkit as the voodoo of the computer world. In fact, the rootkit is basically a technology, and it can be put to good and useful ends. Examples are the use of rootkit techniques in antivirus software, firewalls, software protection, DRM (Digital Rights Management), and disc-media emulation applications such as Daemon Tools. The problem is that rootkit techniques can also be used to create malicious applications that are difficult to defeat.


Rootkit Varieties

Like viruses, rootkits come in many variants. Classified by the target they attack, rootkits fall into six kinds, namely:

1. Application Rootkit
These rootkits are made by modifying the binary code of an application directly, commonly referred to as binary code patching. This type of rootkit is usually found in trojan-type malware, which uses it to inject the virus into an object or system.

2. Library Rootkit
This is a rootkit that targets libraries. A library is a file in which functions have been collected together to make it easier for programmers to create and develop an application. Libraries are marked with the suffix ".dll", as in "kernel.dll".

3. Kernel Rootkit
A kernel rootkit is a type of rootkit that is more dangerous than the previous types. Kernel rootkits run at the kernel level (unprotected mode), known on the x86 architecture as ring 0. How these rootkits work will be presented in next month's InfoKomputer.

4. Bootloader Rootkit
This is the type of rootkit that resides in the MBR (Master Boot Record), so that it controls the course of booting the operating system. This type of rootkit is also known as a bootkit or an "Evil Maid Attack".

5. Hypervisor-level Rootkit
This type of rootkit is capable of virtualizing the original operating system so that it becomes a guest operating system, allowing the rootkit to take over complete control of the operating system. One existing rootkit of this type is SubVirt, a virtual-machine-based rootkit developed by Microsoft and the University of Michigan.

6. BIOS Rootkit
BIOS rootkits, collectively known as firmware rootkits, are the most terrible rootkits because they live at the deepest level: they reside in the firmware and become active during early initialization, before any other computer activity has begun.

Removal
There are several ways to clean up malware that uses rootkit technology from an infected computer. The method used depends on the type of rootkit that has infected it, so removal becomes rather difficult when we cannot know exactly which type of rootkit may be infecting our computer. To detect a rootkit, you should run the infected computer as a slave and use a PE (preinstalled environment) operating system or a LiveCD to investigate it. There are many LiveCD operating systems of this kind, such as DSL (Damn Small Linux), which was bundled on the DVD edition of an earlier InfoKomputer magazine, and many more. Scan with special software designed to clean rootkits, then investigate the areas that rootkits typically inhabit. Since cleaning a rootkit is very closely tied to the system configuration, I suggest you ask for help from people who are experts in doing so. If you are not careful, the consequences can be fatal.
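As an added example (not part of the original article), the script below shows the offline investigation step in practice: run from a LiveCD, it hashes the suspect system's application binaries, its libraries and the MBR boot code against a known-good baseline, which is where application, library and bootloader rootkits leave their traces. The mount point, device path and baseline digests are assumptions.

```python
"""Offline integrity check run from a LiveCD against a suspect disk (added example,
not from the original article). Assumed paths: the infected root is mounted
read-only at MOUNT_ROOT and its raw disk is DISK_DEVICE. BASELINE digests would
be recorded on the same machine while known-good; the values here are placeholders."""
import hashlib
import os

MOUNT_ROOT = "/mnt/suspect"   # assumed: read-only mount of the infected root
DISK_DEVICE = "/dev/sdb"      # assumed: the suspect disk as seen from the LiveCD
MBR_BOOTCODE_LEN = 440        # boot code precedes the disk signature and partition table

# Constructed baseline (placeholder digests): mount-relative path -> SHA-256 taken while clean.
BASELINE = {
    "bin/ls": "<baseline sha256 of bin/ls>",
    "lib/libc.so.6": "<baseline sha256 of libc>",
}
BASELINE_BOOTCODE = "<baseline sha256 of the 440-byte MBR boot code>"

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def bootcode(mbr: bytes) -> bytes:
    """Executable part of a 512-byte MBR. A bootkit must change this region to
    run before the OS; the partition table after it changes legitimately."""
    if len(mbr) < 512:
        raise ValueError("an MBR sector is 512 bytes")
    return mbr[:MBR_BOOTCODE_LEN]

def compare(observed: dict, baseline: dict) -> dict:
    """Baseline files whose hash changed (patched binary or library) or vanished."""
    modified = sorted(p for p in baseline if p in observed and observed[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in observed)
    return {"modified": modified, "missing": missing}

def hash_paths(root: str, paths) -> dict:
    """Hash each baseline path under the offline mount; absent files are omitted."""
    observed = {}
    for rel in paths:
        full = os.path.join(root, rel)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                observed[rel] = sha256_bytes(fh.read())
    return observed

def scan_offline(root: str = MOUNT_ROOT, device: str = DISK_DEVICE) -> dict:
    """Check binaries, libraries and MBR boot code without trusting the infected OS."""
    report = compare(hash_paths(root, BASELINE), BASELINE)
    with open(device, "rb") as disk:
        report["bootcode_modified"] = sha256_bytes(bootcode(disk.read(512))) != BASELINE_BOOTCODE
    return report
```

Call `scan_offline()` from the LiveCD after replacing the placeholder digests with ones recorded from a clean install; a kernel rootkit that only lives in memory will not show up here, which is why the article's advice to scan with dedicated tools still applies.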

AVI vs Rootkit
For now AVI is not designed to deal with rootkits, but we will keep developing AVI so that it has an anti-rootkit feature. AVI itself is currently in transition, developing its latest version (version 3), one of whose features is Anti-Rootkit. Not only that, AVI version 3 also has many new features that will optimize your computer's security against attacks by malicious programs. Just wait for the release date.

Next month, we will explain in more detail how each of the rootkits described above works. So don't miss it!
