A rootkit is a stealthy type of malicious software malware designed to hide the existence of certain .... ref name McAfee1 The term rootkit is a concatenation of Superuser root the traditional name ... that implement the tool . The term rootkit has negative connotations through its association with malware . ref name McAfee1 Rootkit installation can be automated, or an Hacker computer security ... software that might otherwise be used to detect or circumvent it. Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods ... be complicated or practically impossible, especially in cases where the rootkit resides in the kernel ... name McAfee1 The term rootkit or root kit originally referred to a maliciously modified set of administrative ... Windows Rootkit Overview publisher Symantec date 2006 03 26 accessdate 2010 08 17 format PDF ref If an intruder could replace the standard administrative tools on a system with a rootkit, the intruder ... first2 Jamie last2 Butler date 2005 08 01 accessdate 2010 11 22 title Raising The Bar For Windows Rootkit Detection ref ref name Harris Lane Davis and Steven Dake wrote the earliest known rootkit in 1990 ... Ken doi 10.1145 358198.358210 ref This exploit was equivalent to a rootkit. The first malicious rootkit for the Windows NT operating system appeared in 1999 a trojan called NTRootkit created by Greg ... rootkit targeting Mac OS X appeared in 2009, ref cite conference url http www.blackhat.com presentations ... known rootkit scada devices title Stuxnet Introduces the First Known Rootkit for Industrial Control Systems date 2010 08 06 accessdate 2010 12 04 publisher Symantec ref Sony BMG copy protection rootkit ... hidden by the Extended Copy Protection rootkit main Sony BMG copy protection rootkit scandal In 2005 ... a music player but silently installed a rootkit which limited the user s ability to access the CD ... ref Software engineer Mark Russinovich , who created the rootkit detection tool RootkitRevealer , discovered ... more details
File Sony XCP banner.png thumb SONY BMG XCP audio CD player The Sony BMG CD copy protection rootkit scandal ... way in which the Microsoft Windows operating system plays CDs by installing a rootkit which creates ... and rootkit s. Additionally, further investigation revealed that Sony had created its copyright protection ... Sony Rootkit Allegedly Contains LGPL Software , Slashdot, November 15, 2005. Retrieved November 22, 2006 ... 2005 10 31 accessdate 2009 07 29 ref Security holes Russinovich stated that the rootkit software ... employs unsafe procedures to start stop the rootkit , which could lead to system crashes ... Windows Windows operating system failing to recognize an existing drive s . The Sony rootkit is designed ... already compromised by the Sony rootkit. Anti virus firm F Secure asserted, Although the software isn t directly malicious, the used rootkit hiding techniques are exactly the same used by malicious .... ref Larvala, Samuli. http www.f secure.com v descs xcp drm.shtml F Secure Rootkit Information XCP DRM Software dead link date March 2012 , F secure Computer Rootkit Information Pages, November ... detection for the rootkit in their products as well, and Microsoft announced it would include detection ... 11 sonys drm rootk.html Sony s DRM Rootkit The Real Story , Shneier On Security, November 17, 2005. Retrieved November 22, 2006. ref Rootkit removal program Sony BMG released a software utility to remove the rootkit component of XCP from affected Microsoft Windows computers, ref cite web url http ... merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition ... On November 18, 2005, Sony BMG provided a new and improved removal tool to remove the rootkit component ... kit anti piracy title Sony backs out of rootkit anti piracy scheme author vunet.com date 2005 11 15 ... States Department of Homeland Security , issued an advisory on XCP DRM. They said that XCP uses rootkit ... to the rootkit. The suit was also the first filed under the state s 2005 spyware law. It alleged ... more details
notability Books date June 2010 Infobox Book name The Rootkit Arsenal Escape and Evasion in the Dark Corners of the System image image caption author Bill Blunden country United States Original language English cover artist series First Edition genre Computer Science publisher Jones & Bartlett Publishers pub date May 4, 2009 media type Print Paperback pages 908 pages isbn ISBN 1 59822 061 6, First Edition, paperback preceded by followed by The Rootkit Arsenal Escape and Evasion in the Dark Corners of the System is a book written by Bill Blunden , published by Jones & Bartlett Publishers in May, 2009. The book takes the reader in depth about rootkit technology and uses. It cover topics such as IA 32 Assembly language assembly , the Microsoft Windows Windows system architecture, Kernel computing kernel debugging , advanced rootkit development, and much more concerning rootkit technology and how it can be applied onto e.g. White hat white hat hacking . The book also provides many source code examples on rootkit development and how to properly use it. It is required and recommended to have a fair understanding of computer programming and operating system s in order to fully comprehend the contents of the book, as the back cover states it is an advanced book on its topic. Content The book is divided into four parts, and each of the 14 chapters goes into detail about specific technology and information required in advanced rootkit development and use. It also provides information about network and file system analysises, kernel objects, drivers, and much more related to rootkit technology. The reader can create a fully working rootkit by using the source codes in the appendix . The product ... hat hacking community. A rootkit allows an attacker to subvert a compromised system. This subversion ... of common administrative tools, but can be more dangerous when it occurs at the kernel level. A rootkit ... colwidth 30em References Blunden, Bill. The Rootkit Arsenal Escape and Evasion in the Dark Corners ... more details
Wiktionary apropos Apropos may refer to apropos Unix tt apropos tt Unix , a program used to search for program manual pages A rootkit created by Phorm 121Media to install adware disambig de Apropos ... more details
Orphan date April 2012 Infobox software name GMER logo caption screenshot Image Gmer tdl4.png 400px developer latest release version 1.0.15.15530 latest release date latest preview version latest preview date operating system Microsoft Windows genre Rootkit Detection Removal license Freeware website http www.gmer.net gmer.net GMER is a software tool for detecting and removing rootkit s. ref http www.gmer.net GMER Home Page ref It is used by the Avast antivirus application. ref http www.avast.com pr avast gmer technology gets top score in rootkit detection tests Avast s GMER technology gets top score in rootkit detection tests ref It runs on Microsoft Windows and has support for Windows NT, 2000, XP, Vista, and 7. References reflist External links http www.gmer.net GMER Home Page Category Spyware removal Category Windows software Category Antivirus software malware stub ... more details
Mebroot is an Master boot record MBR based rootkit used by some botnets including Torpig . External links http www.cs.ucsb.edu 7Eseclab projects torpig Taking over the Torpig botnet , UCSB, April 2009 http www.f secure.com weblog archives 00001393.html MBR Rootkit, A New Breed of Malware F Secure Weblog, March 2008 http www.prevx.com blog 119 From Gromozon to Mebroot A Reflection on Rootkits Today.html From Gromozon to Mebroot A Reflection on Rootkits Today , Prevx blog, April 2009 http www2.gmer.net mbr Stealth MBR rootkit by GMER, January 2008 http www.symantec.com security response writeup.jsp?docid 2008 010718 3448 99&tabid 2 Trojan.Mebroot Technical Details Symantec malware stub Category Rootkits ... more details
Notability date January 2010 lowercase title rkhunter Infobox software name rkhunter screenshot Image rkhunter on Mac OS X.png 200px rkhunter on Mac OS X caption rkhunter on Mac OS X latest release version 1.3.8 latest release date release date and age 2010 11 17 operating system Unix like genre rootkit detector license GNU General Public License website http rkhunter.sourceforge.net rkhunter Rootkit Hunter is a Unix based tool that scans for rootkit s, Backdoor computing backdoors and possible local Exploit computer security exploits . It does this by comparing SHA 1 SHA 1 hashes of important files with known good ones in online database, searching for default directories of rootkits , wrong permissions, hidden files, suspicious strings in kernel module s, and special tests for Linux and FreeBSD . Development Earlier in 2006, Rootkit Hunter initiator and developer Michael Boelen agreed to hand over development. Since that time eight people have been working to set up the project properly and work towards the much needed maintenance release. The project has since been moved to SourceForge . See also Portal Free software chkrootkit Rootkit External links http rkhunter.sourceforge.net New rkhunter web page site of current project http www.rootkit.nl projects rootkit hunter.html Old rkhunter web page DEFAULTSORT Rkhunter Category Computer security software Category Unix security related software Category Rootkits Unix stub es Rkhunter fr Rkhunter pl Rkhunter ... more details
ref improve date September 2011 Infobox Software name chkrootkit screenshot Image chkrootkit on Mac OS X.png 200px chkrootkit on Mac OS X caption chrootkit on Mac OS X developer Pangeia Informatica latest release version 0.49 latest release date July 30, 2009 operating system Linux , FreeBSD , OpenBSD , NetBSD , Solaris operating system Solaris , HP UX , Tru64 , BSD OS , Mac OS X genre Rootkit Detector license website http www.chkrootkit.org lowercase title chkrootkit chkrootkit Check Rootkit is a common Unix based program intended to help system administrators check their system for known rootkit s. It is a shell script using common UNIX Linux tools like the strings Unix strings and grep commands to search core system programs for signatures and for comparing a Tree traversal traversal of the proc filesystem with the output of the Ps Unix ps process status command to look for discrepancies. It can be used from a rescue disc typically a Live CD or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more. There are inherent limitations to the reliability of any program that attempts to detect compromises such as rootkit s and computer virus es . Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them. See also rkhunter References reflist External links http www.chkrootkit.org Site for Chkrootkit Freshmeat chkrootkit chkrootkit Category Computer security software Category Unix security related software Category Rootkits Unix stub bg Chkrootkit es Chkrootkit fr Chkrootkit pl Chkrootkit ... more details
Blue pill is a pilula hydrargyri medication for constipation Blue pill may also refer to Blue Pill software , a proof of concept virtual machine based rootkit The Red pill and blue pill blue pill , a plot device within the Matrix series Viagra , a medicine used to treat erectile dysfunction, sometimes is called the little blue pill The antiretroviral HIV drug Tenofovir emtricitabine Truvada disambig ... more details
ATA PATA operations atapi.sys to implement its rootkit. While Alureon has also been known to redirect ... Issues After Installing MS10 015 and the Alureon Rootkit date 2010 02 17 publisher Microsoft Security ..., the press reported that the rootkit has evolved to the point that it is able to bypass the mandatory ... rootkit does 64 bit windows title World s Most Advanced Rootkit Penetrates 64 bit Windows publisher ... While the rootkit is generally able to hide itself very effectively, circumstancial evidence of the infection ... en Norman TDSS Remover http www.trishtech.com security removing tdss rootkit google redirects using ... more details
Unreferenced date October 2006 Orphan date February 2009 In computing, the three letter acronym RRR stands for Reboot, Reformat, Reinstall . It is also sometimes referred to, even more simply, as 3R . The system is a widely accepted and humorous methodology employed by technical support technicians. RRR is most commonly found amongst technical support people whose customers work with Microsoft Windows based systems. This is arguably because Microsoft systems are so prevalent in modern computing, rather than the implication that it is more commonly needed for Microsoft products either Application software applications or operating system s than alternatives such as Mac OS X , Unix or Linux . Citation needed date October 2007 RRR is intended to imply that there are three simple steps to making almost any problem go away, and suggest that the work of technical support can be done by anyone who has a basic knowledge of the systems. Its use is likely to be a transliteration of the English education initialism of the same name see the three Rs , widely used in the later part of the 20th Century. Some server administrators use 3R or RRR for Repartition, Reformat, Reinstall in relation to servers that have been infected with a rootkit . Considering how aggressive some rootkits install themselves, repartitioning is often considered the safest extra step to be entirely sure the rootkit is completely removed before reinstall. Category Computer jargon Compu stub ... more details
Orphan date February 2009 Unreferenced 1 stub date February 2007 Knark is a rootkit for the Linux kernel s 2.2 and 2.4. It is a Loadable kernel module that uses system call redirection to hide its presence as well as providing other functions, like typing tt rootme bin sh tt to get a root shell. Knark is named after a Swedish language Swedish and Norwegian language Norwegian slang term for illegal drugs or narcotics , and are by programmers speaking those languages sometimes used as a metasyntactic variable , like foo or bar. Fact date September 2008 Category Rootkits linux stub malware stub ... more details
s computer. The inclusion of this rootkit technology infuriated rights groups like the Electronic ... successfully tested and utillized over a much longer period of time. When the rootkit configuration ... back from the rootkit fiasco was so great that the now head of both Sony Music and BMG, Sir Howard ... more details
Please do not remove or change this AfD message until the issue is settled Article for deletion dated page Process Hacker timestamp 20120501124451 year 2012 month May day 1 substed yes For administrator use only Old AfD multi page Process Hacker date 1 May 2012 result keep End of AfD message, feel free to edit beyond this point Process Hacker is a software that can terminate Process computing process that can t be terminated by Windows Task Manager . It can be used to find some hidden process, such as rootkit . External link http processhacker.sourceforge.net Process Hacker website computing stub Category Software ... more details
with Extended Copy Protection , a controversial feature that automatically installed rootkit software ... back to Sony and also exposed the computer to malicious attacks that exploited insecure features of the rootkit ... cite web author von Lohmann, Fred authorlink Fred von Lohmann title Are You Affected By Sony BMG s Rootkit ... http www.eff.org deeplinks 2005 11 are you infected sony bmgs rootkit ref Track listing Prehensile ... more details
The System Service Dispatch Table SSDT is an internal dispatch table within Microsoft Windows . Hooking SSDT calls is often used as a technique in both Windows rootkit s and antivirus software . ref Cite web url http www.symantec.com connect articles windows rootkits 2005 part one title Windows rootkits of 2005, part one work Symantec year 2005 ref ref name ZDNET2010 Cite web url http www.zdnet.co.uk news security threats 2010 05 11 attack defeats most antivirus software 40088896 year 2010 title Attack defeats most antivirus software work ZD Net UK ref In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to exploits using race condition s to attack the products security checks. ref name ZDNET2010 References Reflist Category Microsoft Windows Category Computer security Category Rootkits Windows stub fr System Service Dispatch Table ... more details
TDL 4 is a highly advanced, fourth generation botnet found worldwide over a quarter of infected machines are in the US and the name of the rootkit that runs the botnet also known as Alureon . Over 4.5 million machines were infected with it in the first three months of 2011, and the botnet continues to grow as no effective measures have been found to prevent it. It infects the master boot record of the target machine, making it harder to detect and remove. Major advancements include encrypt ing communications, decentralized controls using the Kad network , as well as deleting other malware . ref cite web last Reisinger first Don url http news.cnet.com 8301 13506 3 20075725 17 tdl 4 the indestructible botnet title TDL 4 The indestructible botnet? & 124 The Digital Home CNET News publisher News.cnet.com date 2011 06 30 accessdate 2011 10 15 ref ref cite web url http technoglobes.com 2011 07 indestructible tdl4 botnet title Indestructible TDL 4 Botnet? publisher Techno Globes date 2011 07 02 accessdate 2011 10 15 ref References Reflist Category Botnets malware stub ... more details
Infobox software name Sysinternals RootkitRevealer logo File screenshot File caption collapsible author developer Bryce Cogswell and Mark Russinovich released discontinued yes latest release version 1.7 latest release date start date and age 2006 11 1 latest preview version latest preview date programming language Microsoft C ref name ch9 video rp 07 08 operating system Windows XP and Windows Server 2003 platform IA 32 size Nowrap 231 Kilobyte KB language English status Discontinued genre Security software license Closed source freeware website URL http technet.microsoft.com en us sysinternals bb897445 RootkitRevealer is a proprietary software proprietary freeware tool for rootkit detection on Microsoft Windows by Bryce Cogswell and Mark Russinovich . It runs on Windows XP and Windows Server 2003. Its output lists Windows Registry and file system API discrepancies that may indicate the presence of a rootkit. It is the same tool that triggered the Sony BMG copy protection rootkit scandal . ref cite news last Russinovich first Mark title Sony, Rootkits and Digital Rights Management Gone Too Far url http blogs.technet.com b markrussinovich archive 2005 10 31 sony rootkits and digital rights management gone too far.aspx accessdate 10 November 2011 newspaper Mark s Blog date 31 October 2005 ref RootkitRevealer is no longer being developed. ref name ch9 video cite video title Mark Russinovich and Aaron Margosis Introducing Windows Sysinternals Administrator s Reference url http channel9.msdn.com posts Mark Russinovich and Aaron Margosis Introducing Windows Sysinternals Administrators Reference work Channel 9 discussion forum Channel 9 publisher Microsoft Corporation accessdate 10 November 2011 date 28 July 2011 first1 Mark last1 Russinovich first2 Aaron last2 Margosis ref rp 08 16 References Reflist Microsoft Security Products Category Microsoft software Category Computer security software Category Windows software Category Windows only software Category Rootkits Windows ... more details
orphan date November 2009 Infobox Software name ZeroSpyware screenshot Deleted image removed Image Zerospyware.jpg 250px caption ZeroSpyware Screenshot developer http www.fbmsoftware.com FBM Software latest release version 3.4 latest release date April 11, 2006 operating system Microsoft Windows genre spyware removal software license Shareware website http www.fbmsoftware.com www.fbmsoftware.com ZeroSpyware is a proprietary anti spyware software developed by FBM Software for the Microsoft Windows Windows platform. It can scan and remove many, but not all, spyware and adware programs, as well as rootkit s, Trojan horse computing trojans , keyloggers, dialers, browser hijackers, and commercial surveillance software. The software is characterized by its Macromedia Flash Flash based interface and built in customer support protocol. The software was once listed on spywarewarrior as a Rogue Suspect Anti Spyware Product, because it detected false positives. ref http www.spywarewarrior.com rogue anti spyware.htm zs note ref In September 2004 a new version for the software was released the issues in the last version were resolved. References reflist External links http www.zerospyware.com Official ZeroSpyware website http www.aselabs.com articles.php?id 176 Product review by ASE Labs. Category Shareware Category Spyware removal Category Windows software Category Windows only software Windows software stub ja ... more details
wiktionary black light blacklight A black light is a lamp which operates near the ultraviolet range of light Black Light or Blacklight may also refer to tocright Literature Black Light novel Black Light novel , a 1996 Bob Lee Swagger novel by Stephen Hunter Black Light comics , several comics related uses, including Blacklight Image Comics , two Image Comics characters Blacklight MC2 , a Marvel Comics character Blacklight Fox Atomic Comics Blacklight Fox Atomic Comics , a comic book and video game Music The Black Light , a 1998 album by Calexico Black Light album Black Light album , a 2010 album by Groove Armada Black Light EP Black Light EP , a 2006 EP by Amit Erez Blacklight Iris album Blacklight Iris album , 2010 Blacklight Tedashii album Blacklight Tedashii album Other uses Blacklight Tango Down , a 2010 first person shooter video game Blacklight Retribution , a 2012 online first person shooter video game Blacklight Power , a company founded to develop alternative energy based on Hydrino theory BlackLight, a rootkit detection utility from F Secure See also Intitle Black light Intitle Blacklight Backlight , a form of illumination used in liquid crystal displays LCDs Backlighting lighting design , a technique for photography or the stage Dark Light disambiguation disambiguation fr Lumi re noire homonymie ... more details
Multiple issues orphan February 2009 inappropriate tone December 2007 no footnotes March 2010 Nurech.B is a computer worm that infects computers through MSN Messenger . It inserts a link in the chat window while you are chatting with someone, thus making it look as if your friend sent it and thus exploiting that trust. Once you click on that link, it downloads an .exe file with a name such a Valentine Card or Happy Valentine s Day . Once infected, it spreads through your MSN to your friends and is invisible. Effects The virus disables virus scanners and access to the folders containing any antivirus software . It adds keys to the registry as well, and therefore you won t be allowed to access the registry either. You cannot get rid of it from the registry using registry cleaning software because it has a rootkit function that allows it to hide its key in the registry and also its processes thus making it virtually invisible. Many people head to Google to search for an antivirus software but any search for terms such as virus, spyware, malware etc. closes the browser. External links http www.symantec.com security response writeup.jsp?docid 2007 041314 1900 99&tabid 1 Symantec summary of virus http www.pandasecurity.com homeusers security info about malware encyclopedia overview.aspx?IdVirus 150198 Description at Panda Security Category Computer worms ... more details
Unreferenced date March 2008 The Ramen worm , also referred to albeit incorrectly as the Ramen virus , was a Computer worm worm that spread in January 2001, targeting systems running versions 6.2 and 7.0 of the Red Hat Linux distribution. This worm propagated using a brute force technique, searching the Internet for other machines running Red Hat Linux and copying itself to them. Once it infected a machine, it patched that same vulnerability, installed a rootkit , and sent the system s identity to an e mail address coded in the worm. An unusual feature of this worm was its calling card that made infected systems easily identifiable It replaced all files on the system named Webserver directory index index.html with a modified version with the page title Ramen Crew , containing the following text and image link RameN Crew Hackers looooooooooooooooove noodles. This site powered by nowiki image http www.nissinfoods.com tr oriental.jpg nowiki The referenced image is no longer available on the indicated server. See also Linux malware Category Exploit based worms Ramen worm Category Linux malware Category Rootkits de Ramen Wurm pt Ramen worm ... more details
notability date March 2012 NOINDEX The Android Debug Bridge ADB is a tool kit for Android operating system Android developers, available for Microsoft Windows Windows , Linux , and Mac OS X . Found as part of the Android SDK Platform tools package, it consists of both client and server side programs ref name ADBdev http developer.android.com guide developing tools adb.html Android Debug Bridge Android Developers Accessed April 14, 2011 ref that communicate with one another. The ADB is typically accessed through the command line interface . ref name ADBdev Usage The format for issuing commands through the adb is typically adb d e s serialNumber command Security In March 2011, Android was targeted using a resource exhaustion attack ref Lemos, Robert http informationweek.in Open Source 11 03 25 Open source vulnerabilities paint a target on Android.aspx Open source vulnerabilities paint a target on Android March 25, 2011, accessed April 14, 2011 ref to attempt to install a rootkit on the target phone using ADB. See also Android operating system Android software development Fastboot Galaxy Nexus Google Nexus Rooting Android OS References reflist External links http developer.android.com guide developing tools adb.html Android Debug Bridge developer.android.com http android dls.com wiki index.php?title ADB ADB Android Wiki Android Category Android software Programming software stub ... more details
Multiple issues refimprove June 2009 essay like June 2009 orphan March 2009 Image CastleCops.png right CastleCops was a volunteer security community focused on making the Internet a safer place. All services to the public were free, including malware and rootkit cleanup of infected computers, malware and Phishing phish investigations and terminations, and searchable database lists of malware and file hashes. It was targeted by spammers throughout its existence, but fought back using legal means to defeat them. ref http www.computerworld.com action article.do?command viewArticleBasic&articleId 9096278 Hacker pleads guilty to attacking antiphishing group posted June 10, 2008 on ComputerWorld ref History Education and collaborative information sharing were among CastleCops formerly known as Computer Cops before the name change in 2005 highest priorities. They had been achieved by training the volunteer staff in their anti malware, phishing, and rootkit academies and through additional services including CastleCops forums, news, reviews, and continuing education. CastleCops consistently worked with industry experts and law enforcement to reach their ultimate goal in securing a safe and smart computing experience for everyone online. CastleCops reached its five year anniversary in February 2007 with accolades from well known computer security industry pundits and players. ref http blog.washingtonpost.com securityfix 2007 01 in praise of the phish fighter.html Washington Post In Praise of the Phish Fighters http www.symantec.com enterprise security response weblog 2007 02 castlecops celebrates five yea.html Symantec CastleCops Phighting Phish http blog.spywareguide.com 2007 01 celebrate with castlecops.html SpywareGuide.com CastleCops Five Year Anniversary http sunbeltblog.blogspot.com 2007 02 recognizing paul and robin laudanski.html Sunbelt In Recognition of the Founders http www.google.com corporate security.html Google Thanks You ref On December 24, 2008, the CastleCo ... more details
Encyclopedia
top
