Rootkits: Rootkits are stealthy malware that alter system utilities or the
operating system itself in order to stay hidden. They are difficult to
identify because some rootkits hide themselves from the Windows process
listing utility by infecting that very utility. They are typically used to
hide other malicious software such as a virus or a Trojan horse.
Rootkits generally operate in one of two modes: 1. User mode 2. Kernel
mode
Rootkits in user mode: They work by altering system utilities or
libraries on disk. These are comparatively easy to detect by checking the
integrity of files, which can be done offline using a cryptographic hash
function. User mode rootkits often insert code into other user mode
processes through methods such as DLL injection and alter their behavior.
This can be detected by running anti-rootkit software that runs at kernel
level and checks continuously.
Rootkits in kernel mode: They are hard to detect because they run at the
lowest levels of the operating system. Kernel rootkits on Windows are
usually loaded as device drivers. Because the driver system is modular, it
allows a user to load arbitrary code into the kernel. With this feature it is
Detecting rootkits: Even though rootkits are sneaky, they are not
impossible to detect. User mode rootkits are detected by checking for
modifications of files on disk. On Windows, important libraries are
digitally signed, so any tampering would invalidate the digital signature
and can thus be detected. Another technique is to periodically
compute a cryptographic hash of each critical system component
while the system is offline; the stored hashes are then compared with
fresh ones when the system is online, and if the hashes do not match then a rootkit
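The offline integrity check described above (hash the critical files while the system is trusted, keep the hashes somewhere the rootkit cannot reach, and compare later) can be demonstrated in a few lines. This is an added example written for this page, not code from the original document or from any product it mentions; the file names, their contents and the "tampering" are constructed stand-ins created in a temporary directory, and the baseline is serialised to JSON to show the kind of manifest that would be stored off the machine.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries do not fill memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, names):
    """Hash each critical file under `root` while the system is trusted.

    Returns a manifest mapping relative file name -> hex digest. In practice this
    manifest is produced offline (e.g. from rescue media) and stored off-host.
    """
    return {name: sha256_file(Path(root) / name) for name in names}


def verify_baseline(root, baseline):
    """Compare the current on-disk state with a stored manifest.

    Returns a report with three lists: files whose hash still matches ('ok'),
    files whose hash changed ('modified') and files that disappeared ('missing').
    A mismatch on a library that should never change is the signal the text
    describes; whether it is a rootkit or a legitimate update is then for the
    analyst to decide.
    """
    report = {"ok": [], "modified": [], "missing": []}
    for name, expected in baseline.items():
        p = Path(root) / name
        if not p.is_file():
            report["missing"].append(name)
        elif sha256_file(p) != expected:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    return report


def demo():
    """Constructed scenario: three stand-in system files; one is patched, one deleted."""
    with tempfile.TemporaryDirectory() as root:
        originals = {  # constructed names and contents, not real system files
            "lib_a.dll": b"original library code A",
            "lib_b.dll": b"original library code B",
            "util_c.exe": b"original utility code C",
        }
        for name, data in originals.items():
            (Path(root) / name).write_bytes(data)

        # Baseline taken while the files are trusted; JSON round-trip mimics
        # writing the manifest to external storage and reading it back later.
        manifest = json.dumps(build_baseline(root, list(originals)), indent=2)

        # Simulated tampering: a library gets extra bytes appended, a utility vanishes.
        (Path(root) / "lib_b.dll").write_bytes(originals["lib_b.dll"] + b"\x90hooked")
        (Path(root) / "util_c.exe").unlink()

        return verify_baseline(root, json.loads(manifest))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison is only as trustworthy as the environment it runs in: if the hashing tool itself runs on a live system that a kernel mode rootkit controls, the rootkit can feed it clean file contents, which is why the text recommends taking and checking the baseline offline.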
are some soldiers inside the horse who came out of the horse, opened the
gates of Troy and destroyed Troy in a single night after a seemingly never
ending battle that had lasted for years. A Trojan horse is a similar type of
program: it appears useful by pretending to do certain things in the
foreground, but in reality it works silently in the background with the
only objective of harming your computer and/or stealing valuable
information. The most common way of getting infected with a Trojan is
by downloading cracks, keygens, pirated software or pirated
music from untrusted sources on the internet.
Like viruses and worms, a Trojan can be concealed by a rootkit.
Unlike worms, Trojans cannot spread by themselves. A rootkit can be used
to download a Trojan, virus or worm onto a computer.
Spyware: Spyware infects a system without causing damage to the system
itself, but it collects data from the user such as credit card numbers,
social security numbers or the passwords of user accounts.
It also consumes bandwidth by continuously sending the user's private
information to a central server, which slows the system down.
Spyware can also be hidden by a rootkit.
Adware: Adware is any software package that automatically renders
advertisements in order to generate revenue for its author. The
advertisements may appear in the user interface of the software or on a
screen presented to the user during the installation process. Its
functions may be designed to analyze which Internet sites the user
visits and to present advertising pertinent to the types of goods or
services featured there. The term is sometimes used to refer to any
software that displays unwanted advertisements. Adware is not
designed to steal information; it is used to display unwanted
ads. Usually it is installed as a bundle with freeware apps. Some
examples are iLivid or the Ask search bar. They are different from