Welcome to Bucaro TecHelp!

Root Kit - The Hackers Backdoor to Your Computer

Root kit is the latest buzzword in the computer technology world. Root kit refers to a new, more insidious kind of computer virus that cannot be detected by anti-virus software. Actually, root kits have been known in Unix/Linux systems for many years. The word "root" comes from the "root" account (system administrator) in Linux.

It's only lately that the existence of root kits in Microsoft Windows systems has been exposed. Greg Hoglund, a computer security consultant and authority on Windows root kits, believes intruders have been using Windows root kits covertly for years.

A root kit is a trojan horse virus that modifies operating system code to grant itself system administrator authority and create a backdoor through which the hacker can access your system. A root kit usually installs utilities that allow the hacker to spawn a remote shell, log in, and start processes to open ports, intercept keystrokes, collect data, sniff for usernames and passwords, and scan a network for vulnerabilities to exploit.

Any average programmer can write a kernel mode root kit. Hoglund teaches a two-day course on root kits, and by the end of the course, every student is writing their own root kits.

Detecting root kits

Whereas the goal of a common computer virus is to spread itself to other systems, the primary goal of a root kit is self-preservation. For example, it may regularly check the integrity of its components and reinstall them if necessary. Conventional viruses operate in user mode, which means they create processes and registry entries visible in system administration utilities.

When a system administrator uses a utility to check for a root kit, the root kit intercepts the system calls and filters out any messages that would expose the root kit. Normal indicators of a program running, such as executable file name, process name, memory usage, or registry settings are invisible. As a result, root kits cannot be detected by conventional detection tools including anti-virus and anti-spyware applications.

The root kit may remain hidden until a system crash reveals the name of one of its processes as the component that caused the crash. There are several programs available to detect root kits on Unix systems, for example chkrootkit and rkhunter. Microsoft is working on a tool that can detect root kits on Windows systems. However, at the present time the only reliable way to remove a root kit from Windows is to completely erase the hard drive and reinstall Windows from scratch.

One promising Windows root kit detector is the freeware program RootkitRevealer. RootkitRevealer runs on Windows NT 4 and higher, and it lists any Registry, file system, or API discrepancies that may indicate the presence of a root kit. However, RootkitRevealer does not claim to detect every root kit.
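
The discrepancy idea described above (compare what a filtered listing reports with what a direct query returns) can be sketched for Linux processes. This is an added example, not code from the original article or from any of the tools it names; it assumes a Linux /proc file system, and the function names are hypothetical.

```python
import os

def listed_pids(proc_root="/proc"):
    """View 1: PIDs the directory listing admits to (what ps/top rely on)."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def probe_pid(pid, proc_root="/proc"):
    """View 2: ask for one PID directly. Returns its thread-group id,
    or None when no such task exists."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (FileNotFoundError, ProcessLookupError):
        return None
    except PermissionError:
        pass
    return pid  # exists, but Tgid could not be read

def hidden_pids(list_view, probe, max_pid):
    """PIDs that answer a direct probe but are absent from the listing."""
    before = list_view()
    suspects = []
    for pid in range(1, max_pid + 1):
        if pid in before:
            continue
        tgid = probe(pid)
        if tgid is None or tgid != pid:
            continue  # nonexistent, or a thread (threads are never listed)
        suspects.append(pid)
    # List again: a process that merely started mid-scan shows up now.
    after = list_view()
    return [p for p in suspects if p not in after and probe(p) is not None]

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid in hidden_pids(listed_pids, probe_pid, limit):
        print(f"PID {pid} answers probes but is missing from the /proc listing")
```

A root kit that filters both views passes this check, which is consistent with such detectors not claiming to find every root kit.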

Copyright©2001-2011 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268