Chapter 1 - 03 - Define Malware and its Types - 18_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82

Rootkits

* Rootkits are programs that hide their presence as well as an attacker's malicious activities, granting the attacker full access to the server or host at that time and in the future.
* Rootkits replace certain operating system calls and utilities with their own modified versions of those routines, which in turn undermine the security of the target system and cause malicious functions to be executed.
* A typical rootkit comprises backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots, etc.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Rootkits (Cont'd)

The attacker places a rootkit by:
* Scanning for vulnerable computers and servers on the web
* Wrapping it in a special package like a game
* Installing it on public computers or corporate computers through social engineering
* Launching a zero-day attack (privilege escalation, buffer overflow, Windows kernel exploitation, etc.)

Objectives of a rootkit:
* To root the host system and gain remote backdoor access
* To mask attacker tracks and the presence of malicious applications or processes
* To gather sensitive data, network traffic, etc. from the system to which attackers might be restricted or possess no access
* To store other malicious programs on the system and act as a server resource for bot updates

Rootkits

Rootkits are software programs designed to gain access to a computer without being detected. They are malware that help attackers gain unauthorized access to a remote system and perform malicious activities. The goal of a rootkit is to gain root privileges on a system. By logging in as the root user of a system, an attacker can perform various tasks such as installing software or deleting files. It works by exploiting the vulnerabilities in the OS and its applications. It builds a backdoor login process in the OS via which the attacker can evade the standard login process. Once the user enables root access, a rootkit may attempt to hide the traces of unauthorized access by modifying drivers or kernel modules and discarding active processes.

Module 01 Page 73 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Rootkits replace certain OS calls and utilities with their own modified versions of those routines that, in turn, undermine the security of the target system by executing malicious functions. A typical rootkit comprises backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots, and others. Rootkits are used to hide viruses, worms, bots, etc., and are difficult to remove. Malware hidden by rootkits is used to monitor, filter, or steal sensitive information and resources, change the configuration settings of the target computer, and perform other potentially unsafe actions.

Rootkits are installed by attackers after gaining administrative access, either by exploiting a vulnerability or cracking a password. Once the attacker obtains control over the target system, they can modify files and existing software that detects rootkits. Rootkits are activated each time the system is rebooted, before the operating system completes loading, making their detection challenging. Rootkits install hidden files, processes, hidden user accounts, etc., in the system's operating system to perform malicious activities. They intercept data from terminals, keyboards, and network connections, and enable attackers to extract sensitive information from the target user.

Rootkits gather sensitive user information such as usernames, passwords, credit card details, and bank account details in order to commit fraud or accomplish other malicious objectives.

The attacker places a rootkit by:
* Scanning for vulnerable computers and servers on the web
* Wrapping the rootkit in a special package like a game
* Installing it on public or corporate computers through social engineering
* Launching a zero-day attack (privilege escalation, Windows kernel exploitation, etc.)

Objectives of a rootkit:
* To root the host system and gain remote backdoor access
* To mask attacker tracks and the presence of malicious applications or processes
* To gather sensitive data, network traffic, etc. from the system to which attackers might be restricted or have no access
* To store other malicious programs on the system and act as a server resource for bot updates

Module 01 Page 74 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
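As an added illustration that is not part of the EC-Council course material, the following Python shows two defender-side checks that follow directly from the behaviour described above: a rootkit that replaces OS utilities such as ls or ps leaves binaries whose hashes no longer match a trusted baseline, and a rootkit that filters what a trojaned listing tool reports produces a discrepancy between that tool's view and a lower-level enumeration (a "cross-view" diff). All paths, file contents, and PIDs are constructed sample data, not a real system's state; in practice the baseline would come from package-manager metadata or an offline integrity database, and the two process views from a listing utility and a direct PID probe.

```python
"""Added example (not from the course material): two defender-side checks
that follow from how rootkits operate.

1. Integrity check: a rootkit that replaces OS utilities (ls, ps, netstat)
   with modified copies leaves binaries whose hashes no longer match a
   trusted baseline.
2. Cross-view check: a rootkit that filters what a trojaned tool reports
   cannot also filter a lower-level enumeration, so the difference between
   the two views exposes the hidden entries.

All paths, file contents and PIDs below are constructed sample data.
"""
import hashlib
from typing import Dict, List, Set


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a byte string, as a hex string."""
    return hashlib.sha256(data).hexdigest()


# Constructed contents of three utilities as recorded on a known-clean system.
CLEAN_BINARIES: Dict[str, bytes] = {
    "/bin/ls": b"ls-binary-v1",
    "/bin/ps": b"ps-binary-v1",
    "/bin/netstat": b"netstat-binary-v1",
}

# The baseline a defender stores offline: path -> expected digest.
BASELINE_HASHES: Dict[str, str] = {
    path: sha256_hex(content) for path, content in CLEAN_BINARIES.items()
}

# Constructed "current" contents: /bin/ps has been swapped for a modified
# copy (the kind of replacement the text describes), and an extra file has
# appeared that the baseline never recorded.
CURRENT_BINARIES: Dict[str, bytes] = {
    "/bin/ls": b"ls-binary-v1",
    "/bin/ps": b"ps-binary-v1-patched-to-drop-some-pids",
    "/bin/netstat": b"netstat-binary-v1",
    "/bin/helper": b"unknown-binary",
}


def find_modified_binaries(baseline: Dict[str, str],
                           current: Dict[str, bytes]) -> List[str]:
    """Return paths whose hash differs from the baseline, or that the
    baseline does not know about at all. Both cases deserve a look."""
    flagged = []
    for path, content in sorted(current.items()):
        expected = baseline.get(path)
        if expected is None or sha256_hex(content) != expected:
            flagged.append(path)
    return flagged


# Constructed process views. TOOL_VIEW is what the (possibly trojaned) ps
# reports; KERNEL_VIEW is what a lower-level enumeration returns, e.g.
# probing every PID in range directly instead of trusting a listing utility.
TOOL_VIEW: Set[int] = {1, 2, 120, 342, 900}
KERNEL_VIEW: Set[int] = {1, 2, 120, 342, 900, 4242}


def cross_view_hidden(tool_view: Set[int], kernel_view: Set[int]) -> List[int]:
    """PIDs the low-level view sees but the tool does not report: candidates
    for a process hidden by a user-mode rootkit."""
    return sorted(kernel_view - tool_view)


def run_checks() -> Dict[str, list]:
    """Run both checks over the sample data and return the findings."""
    return {
        "modified_binaries": find_modified_binaries(BASELINE_HASHES, CURRENT_BINARIES),
        "hidden_pids": cross_view_hidden(TOOL_VIEW, KERNEL_VIEW),
    }


if __name__ == "__main__":
    for check, findings in run_checks().items():
        print(f"{check}: {findings if findings else 'none'}")
```

On the sample data the integrity check flags /bin/ps and the unknown /bin/helper, and the cross-view check surfaces PID 4242. The caveat, which is the reason the text calls rootkit detection challenging, is that both checks assume the lower layer is honest: a rootkit that has modified drivers or kernel modules can filter the low-level view as well, so the hash baseline and the comparison should be run from trusted media or before the compromised OS has loaded.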