Questions tagged [rootkits]

A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool).

173 questions
8
votes
2 answers

Perl script rootkit (exploit)

I received a spam abuse few days ago on my server. As a precaution, I blocked the SMTP port and started an investigation. I found a running Perl process. The script it was using was deleted but I found its contents in /proc/PID/fd/3. Here's its…
Olier Saari
  • 81
  • 1
  • 3
5
votes
1 answer

How can a rootkit infect Windows without signed driver file?

Windows 7 64-bit and newer versions feature Driver Signature Enforcement, which prevents loading an unsigned driver. Then how can some kernel-mode rootkits infect Windows? I rea Let's say some user downloaded and ran some rootkit dropper. What…
noop
  • 51
  • 1
4
votes
3 answers

How to detect the origin of a hacker attempting to breach or who has successfully breached a network or system

In the case of detecting that a system is infected with a rootkit, what, if anything, can be done to trace route the origins of the remote outgoing packets to attempt to find out where the attacker was logging in from? I ask this question as more…
Keegan Black
  • 61
  • 1
  • 4
3
votes
0 answers

Find the installer of a Rootkit and reason for attack on a Linux OS?

My Linux Jenkins server was compromised and a Rootkit was installed. I know this since a running process tells me the path Jenkins job is running and it includes a URL with path pointing to a Python script. On a different host I opened that script…
Jose Leon
  • 159
  • 1
  • 3
3
votes
1 answer

Tools to analyze Hooks on Windows 7 / 2008, x64 platform

What tool can I use to analyze Hooks (SSDT, Inline etc.) on Windows 7 / 2008? (x64 Platform) Rku (Rootkit Unhooker) is the only tool I know, which is not available for x64 platforms.
daisy
  • 2,067
  • 7
  • 31
  • 44
2
votes
2 answers

Does Windows protect MBR from being overwritten?

I have read article about TDL/Alureon Rootkit: According to research published on Monday by GFI Software, the latest TDL4 installation penetrates 64-bit versions of Windows by bypassing the OS’s kernel mode code signing policy, which is designed to…
n00p
  • 121
  • 2
2
votes
1 answer

Access encrypted system/files with rootkit

I have encrypted files that I need access to, but I believe the BIOS/UEFI/hardware or recovery partition now has a rootkit or keylogger in order to get my encryption password for the encrypted system partition. Can they install a rootkit/keylogger…
Rem
  • 29
  • 1
1
vote
2 answers

Is badBIOS real?

We've heard a lot about badBIOS and how low level rootkits can be used to exploit/bypass traditional security but can this story be true? bypass operating system security hide from the system communicate with speaker/mic Also, if true, how would…
jako
  • 33
  • 7
1
vote
2 answers

PC Component Firmware integrity and security

I recently bought a new laptop. If you read the news you must've noticed Vault 6 and Vault 7 leaks (from Wikileaks), which contain rootkits which sit on your Hard Drive Firmware, MBR and other hidden partitions. Since it's out in the open not only…
Sir Muffington
  • 1,611
  • 2
  • 13
  • 25
1
vote
1 answer

Discrepancies between rkhunter itemized report and summary

I am new to rkhunter, which I have been using on Lubuntu 18.04. While it is running, it indicates an itemized scan of rootkits in two waves. First, it states: Performing check of known rootkit files and directories. Then: Performing additional…
Absurdistan
  • 185
  • 2
  • 6
1
vote
0 answers

Is there a way to install a rootkit without kernel headers?

I was just wondering, is there a way to create a rootkit without the kernel header files? I'm trying to have fun with a MIPS device and I'm curious if there is another way to infect it.
robertroja
  • 11
  • 1
1
vote
1 answer

How do you assess if your computer has a hardware rootkit?

How do you assess if your computer has a hardware rootkit? There was another question about Chipsec with no answers, I assume no one knows the answer. Any other way to assess?
Peter
  • 11
  • 1
1
vote
0 answers

busybox rootkit?

I use a Buildroot zImage and kernel build for my RPis and BusyBox for my Linux command box. It's the second time I seem to have a rootkit; a root sh history gives me that, so my question is: is it a rootkit? 324 /bin/busybox cp; /gweerwe323f 325 …
stefff
  • 21
  • 1
0
votes
0 answers

How do rootkits hide a specified process?

I heard that a rootkit can hide itself and specified files, processes, and network links. I know it can set a file to be hidden, but how does it hide a process? For example, there is an httpd process running, yet ps -ef does not show the httpd…
-1
votes
1 answer

Confused as to what changing the internal process of the OS is

I am a high school student taking TestOut's Ethical Hacker Pro. Currently I am learning about rootkits and Sirefef. When explaining Sirefef, it says: Sirefef hides itself by altering the internal processes of an operating system so that your…