COMP 3000 Study Guide - Final Guide: Gnu Compiler Collection, Readwrite, Write Protection
RootKit
1 – Introduction
In this project we build a simple, harmless rootkit module in order to study how this class of malware works. First, what is a rootkit? A rootkit is a special type of malware because the user typically notices nothing while it is already running. Rootkits are designed to be very hard to detect and very hard to remove completely. Although detection tools keep improving, malware developers are constantly looking for new ways to cover their tracks.
The purpose of a rootkit is to hide itself and other software from being discovered. Rootkits can hide any software, including file servers, keyloggers, botnet clients, and remailers. Many rootkits can even hide large collections of files, allowing attackers to store many files on a user's computer that the user cannot see.
2 – Background Information
How can a rootkit be explained clearly? In a typical spy movie, each side sends a secret agent into the opposing camp. The agent camouflages themselves to blend in, so that the opposing side remains unaware of the spy. To keep a low profile and low risk, the spy gains the enemy's trust and seeks promotion in order to reach more information, and uses special information-exchange protocols to send it back to the side that sent them.
To some extent this "spy" is a rootkit: it stays on the target computer without being noticed, takes control of the system, and collects the information it wants. A rootkit has three main parts: hiding, manipulating, and collecting data. The "root" in rootkit comes from UNIX, where the administrator account is called root. The root account is subject to the fewest security restrictions, so it has full administrative access, and a computer on which an attacker has obtained this access is said to be rooted. Rooting a computer does not necessarily mean it can always and