Help talk:Contents

From OST

Rootkits, part 1: Do you have one? Are you sure?


A rootkit is a set of programs designed to hide themselves and to give someone continued access to your computer's operating system. The term "rootkit" (or "root kit") combines the Linux/Unix "root", or administrator, privilege level with "kit", a collection of programs. Although a rootkit can be a single program, it is typically a group of programs working together. Rootkits exist for Windows, Linux, Unix, and even Mac operating systems.

A Brief History of Rootkits

Rootkits have been around since the early 1990s. The first known use of a rootkit is rumored to have been by Lance Davis and Steve Dake, who inserted a rootkit into a Sun Microsystems version of SunOS, although no public record of this has been found. Prior to that, Ken Thompson sent a root-kitted version of a GNU C compiler to Bell Labs for their Unix OS. The most famous use of rootkits, however, was by Sony/BMG. They included DRM (digital rights management) on various CDs that used rootkits to hook into the CD-ROM drive and prevent the DRM from being bypassed. These rootkits were discovered by Mark Russinovich, purely by accident, as he was testing his new "RootkitRevealer" program. The resulting scandal was a slap in the face for Sony. Even today, corporations such as Microsoft are developing rootkits in an attempt to keep control over the implementation of their software. Windows Genuine Advantage is designed to check the validity of a user's copy of the operating system, but the tool became the subject of heightened controversy after PC users noticed that it was contacting Microsoft's servers daily without their knowledge, even when their software was valid.

How does a rootkit work?

Contrary to what the name suggests, rootkits do not give an intruder administrator access. To install itself by replacing crucial operating system administration files, a rootkit requires the intruder to already have root or administrator access. That access is typically obtained by exploiting a vulnerability in the system that yields user- or administrator-level access.

An exploit (from the French word of the same spelling, meaning "achievement" or "accomplishment") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability to cause unintended or unanticipated behavior in computer software, hardware, or another electronic (usually computerized) device. This frequently includes gaining control of a computer system, escalating privileges, or mounting a denial-of-service attack.

Privilege escalation exploits are normally used to gain administrator access before an attacker installs a rootkit to hide their activities, allowing them to retain administrator access without the system owner's knowledge.

A successfully installed rootkit allows unauthorized users to maintain access as system administrators, and thus to take and keep full control of the compromised system. Most rootkits hide files, processes, network connections, blocks of memory, or Windows Registry entries from the programs system administrators use to detect specially privileged access to system resources. A rootkit may also masquerade as, or be intertwined with, other files, programs, or libraries that serve other purposes. It is important to note that while the utilities bundled with a rootkit may be maliciously intended, not every rootkit is malicious; rootkits can be used for both productive and destructive purposes. Nonetheless, using another person's or organization's computer resources without their consent is unethical, and quite probably illegal, in most cases.
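Because a rootkit hides by lying to one particular interface, a defender can catch it by asking the same question two different ways and comparing the answers. The following is an added example, not code from the original article: a cross-view process check in Python that assumes a Linux host with /proc. It takes the process list from the directory listing that ps and top rely on, then brute-forces the same PID range with kill(pid, 0), a probe that a rootkit filtering only directory listings does not intercept; function names and the fallback pid_max of 32768 are my own choices.

```python
import os

def probe_alive(pid):
    """kill(pid, 0) delivers nothing: ESRCH means no such ID, EPERM still proves it exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass
    return True

def read_pid_max(proc_root="/proc"):
    """Upper bound for the brute-force probe; falls back to the classic default."""
    try:
        with open(os.path.join(proc_root, "sys/kernel/pid_max")) as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return 32768

def pids_from_proc(proc_root="/proc"):
    """View 1: IDs the directory listing reports (what ps and top read). Thread
    IDs are folded in because kill(2) also succeeds on a TID, so a multithreaded
    process would otherwise look like a cluster of hidden PIDs."""
    ids = set()
    for name in os.listdir(proc_root):
        if name.isdigit():
            ids.add(int(name))
            try:
                ids.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task"))
            except OSError:
                pass  # process exited between the two listdir calls
    return ids

def pids_by_probe(pid_max):
    """View 2: every ID in 1..pid_max that answers the signal-0 probe."""
    return {pid for pid in range(1, pid_max + 1) if probe_alive(pid)}

def hidden_pids(listed, probed):
    """Pure set logic: IDs alive to the probe but absent from the listing."""
    return sorted(probed - listed)

def cross_view_check(proc_root="/proc", pid_max=None):
    """Compare the two views, then re-take both for each discrepancy so that
    processes which started or exited between snapshots are not reported."""
    pid_max = pid_max or read_pid_max(proc_root)
    candidates = hidden_pids(pids_from_proc(proc_root), pids_by_probe(pid_max))
    relisted = pids_from_proc(proc_root)
    return [p for p in candidates if p not in relisted and probe_alive(p)]
```

Calling cross_view_check() with no arguments returns the IDs that answer kill(2) but never appear in /proc; an empty list is the expected result on a clean host, and probing a modern pid_max of several million IDs takes a few seconds.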

Many rootkits hide utility programs. Those that do so usually aim to abuse the compromised system, and often include a so-called "backdoor" that gives the attacker subsequent access at will. A simple example is a rootkit that hides an application which spawns a command shell when the attacker connects to a particular TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) port on the system. Kernel rootkits may include similar functionality.


