xisto Community
gaurdro

Rootkits: the security threats that no one's heard of


A security threat to be concerned with is the increasing prevalence of viruses containing advanced rootkits to hide their actions or data on the computer, even from the anti-stuff tools. A rootkit was originally a name for tools that hackers/crackers would use to maintain root on Unix/Linux machines. Root is the uber user with all the permissions on a Linux box. On Windows these tools can be used to hide data on the hard drive and in the registry by manipulating the way the data is stored. The Windows API (the thing Windows uses to communicate to the hardware) reads things in certain ways, but the data/structures can be vastly different. An example of this is in the registry: the data is stored as numbered strings while the API reads them as null-terminated strings. The data a rootkit would write is:

/hkey_something_or_other/folder/"data that is seen\x0(the null character)data i want hidden"

and Windows will return:

/hkey_something_or_other/folder/"data that is seen"

The rootkit reads the raw data and bypasses the Windows API so it can read the full data. These programs are everywhere already. Windows even has one to deal with the special files on an NTFS filesystem and another to deal with Windows Update. I've heard that there are many tools to find these things, but as of yet I haven't looked into any of them.

Notice from truefusion:
Moved to the Security Issues & Exploits forum.

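The embedded-null trick described in the post above can be checked for from the defender's side: a raw (counted) read of a value returns more characters than a null-terminated read, and that length mismatch is the detection signal. The following Python is an added example written for this thread, not code from the original poster or from any rootkit-scanning tool; it simulates a counted-string store with a plain Python list (`RawValue`, `SAMPLE_STORE` and the key path `HKLM\SOFTWARE\Example` are constructed for the demonstration, and a real REG_SZ would be UTF-16 rather than a Python `str`) and compares the two views of each value.

```python
"""Embedded-NUL hiding: the null-terminated 'API view' of a value versus the raw
counted view, plus a scanner that flags values where the two disagree.
Constructed simulation; it does not touch a real Windows registry."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

NUL = "\x00"


@dataclass
class RawValue:
    """Stand-in for a registry value stored with an explicit length (constructed)."""
    path: str
    name: str
    data: str  # full counted data; may contain embedded NUL characters


def api_view(value: RawValue) -> str:
    """What a C-style null-terminated reader sees: everything before the first NUL."""
    idx = value.data.find(NUL)
    return value.data if idx == -1 else value.data[:idx]


def raw_view(value: RawValue) -> str:
    """What a reader that honours the stored length sees: the whole buffer."""
    return value.data


def hidden_payload(value: RawValue) -> Optional[str]:
    """The part of the data that the null-terminated reader never returns, if any."""
    idx = value.data.find(NUL)
    return None if idx == -1 else value.data[idx + 1:]


def find_hidden_values(store: List[RawValue]) -> List[Tuple[str, int]]:
    """Scan a store and report (full key name, number of hidden characters)
    for every value whose counted length exceeds its null-terminated length."""
    findings = []
    for value in store:
        visible = api_view(value)
        if len(raw_view(value)) > len(visible):
            findings.append((f"{value.path}\\{value.name}", len(value.data) - len(visible)))
    return findings


# Constructed sample store: one ordinary value and one carrying data after a NUL.
SAMPLE_STORE = [
    RawValue("HKLM\\SOFTWARE\\Example", "Normal", "plain value"),
    RawValue("HKLM\\SOFTWARE\\Example", "Suspicious",
             "data that is seen" + NUL + "data i want hidden"),
]

if __name__ == "__main__":
    for v in SAMPLE_STORE:
        print(f"{v.name}: api={api_view(v)!r} raw={raw_view(v)!r}")
    print("flagged:", find_hidden_values(SAMPLE_STORE))
```

The scanner only needs the two lengths, which is why tools that read the hive file directly rather than through the API are the usual way to apply this check.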

Hmm, hiding something on your hard drive. But it is impossible to make it completely untrackable. Right? Well, I do not think that you can hide anything. Like when you delete something, then you empty your trash bin. There is still a way to retrieve that data. Right? <_<


Well, I do not think that you can hide anything. Like when you delete something, then you empty your trash bin. There is still a way to retrieve that data. Right? <_<

As you described it, yes, you can still retrieve the data. The solution would be to use a "shredder" utility. In essence what it does is find the location and size of the file you want to destroy, and then overwrites it with garbage information fifteen times or more. If you really want to destroy a file, overwrite it about fifty times, and there will be no going back.

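The shredder behaviour the reply above describes, overwriting a file's existing bytes in place before removing it, is shown below as an added Python example written for this thread (not the original poster's code and not any particular shredder product). The pass count is a parameter rather than the fifteen or fifty mentioned; `overwrite_in_place`, `shred_file` and `demo` are names chosen here, and the file contents in `demo` are constructed. One practical caveat: the overwrite only reaches the blocks the file currently occupies, so on SSDs with wear levelling, on copy-on-write or journaling filesystems, and for earlier copies of the file, the old bytes can survive elsewhere.

```python
"""In-place file overwrite ("shredding"): fill the file's existing byte range with
random data for a number of passes, force it to disk each pass, then unlink it."""
import os
import secrets
import tempfile
from pathlib import Path


def overwrite_in_place(path: str, passes: int = 3, chunk_size: int = 64 * 1024) -> int:
    """Overwrite every byte of the file `passes` times with random data.
    Returns the total number of bytes written across all passes."""
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    written = 0
    # r+b keeps the same inode and size, so we hit the blocks the file already uses.
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                fh.write(secrets.token_bytes(n))
                written += n
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # do not let the pass sit in the page cache
    return written


def shred_file(path: str, passes: int = 3) -> int:
    """Overwrite the file in place, then remove the directory entry."""
    written = overwrite_in_place(path, passes=passes)
    os.unlink(path)
    return written


def demo() -> dict:
    """Constructed demonstration on a temporary file: overwrite it, confirm the
    original bytes are gone and the size is unchanged, then shred and confirm removal."""
    original = b"constructed secret report contents\n" * 50
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(original)
        path = tmp.name
    written = overwrite_in_place(path, passes=2)
    after = Path(path).read_bytes()
    result = {
        "size": len(original),
        "same_size": len(after) == len(original),
        "changed": after != original,
        "bytes_written": written,
    }
    shred_file(path, passes=1)
    result["removed"] = not Path(path).exists()
    return result


if __name__ == "__main__":
    print(demo())
```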
