
therefore, to hide all indications of their presence on victim systems. Most rootkits incorporate one or more hiding mechanisms; as a rule, the more sophisticated the rootkit, the more of these mechanisms are part of the rootkit and the more proficient these mechanisms are.

The most basic type of hiding mechanism is one in which log data pertaining to an attacker's log-ins and log-outs on the victim system are erased so that when system administrators inspect the system's audit logs, they do not see any entries that report the attackers having logged in or out or having done anything else on the system. Additionally, many rootkits delete any evidence of processes generated by the attacker and the rootkit itself. When system administrators enter commands or use system utilities that display the processes that are running, the names of processes started in connection with all facets of the attack (including the presence of a rootkit) are omitted from the output. Rootkits may also hide files and directories that the attacker has created in a number of ways, including changing commands used to list directory contents to have them exclude files that the attacker has created or (as explained in more detail shortly) making changes to the kernel of the operating system itself to cause it to provide false information about the presence and function of certain files and executables. To allow backdoor access by attackers, rootkits almost always open one or more network ports on the victim system. To preclude the possibility of discovering rootkits when system administrators examine open (listening) ports, many rootkits thus also hide information about certain ports' status. Additionally, some rootkits change what happens when certain executables are invoked by legitimate users (e.g., system administrators) such that malicious executables that superficially appear to work like the original executables are run instead. Finally, some rootkits (e.g., those with keystroke logging capability) capture or change information sent to or from hardware devices that interface with victim systems.
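The process- and port-hiding mechanisms described above, and the backdoor listening ports the next section refers to, are commonly checked for by a "cross-view" comparison: read the object list from one interface (here the kernel's /proc filesystem) and compare it with what an administrator tool such as ps or ss reports; anything present in the first view but missing from the second is a candidate hidden process or socket. The script below is an added illustration written for this page, not code from the chapter or its authors. It assumes a Linux /proc layout, the standard column layout of `/proc/net/tcp`, and the default output formats of `ps -e -o pid=` and `ss -H -ltn`; the sample `/proc/net/tcp` and `ss` text embedded in it is constructed.

```python
# Cross-view detection of hidden processes and listening ports (added example).
# Compares a view read straight from /proc against the output of user-space
# tools that a rootkit may have replaced or patched. A kernel-level rootkit can
# falsify /proc as well, so an empty diff is not proof of absence; the check
# only forces an attacker to hide consistently across both views.
import os
import re
import subprocess

LISTEN_STATE = "0A"  # state code /proc/net/tcp uses for LISTEN sockets


def listening_ports_from_proc_net_tcp(text):
    """Parse /proc/net/tcp (or tcp6) text and return the set of LISTEN ports."""
    ports = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state != LISTEN_STATE:
            continue
        port_hex = local_addr.rsplit(":", 1)[1]  # "00000000:0016" -> "0016"
        ports.add(int(port_hex, 16))
    return ports


def ports_from_ss_output(text):
    """Extract local ports from `ss -H -ltn` output (assumed column layout)."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        match = re.search(r":(\d+)$", fields[3])  # "0.0.0.0:22" or "[::]:22"
        if match:
            ports.add(int(match.group(1)))
    return ports


def pids_from_proc():
    """Enumerate PIDs directly from the /proc directory listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """PIDs as reported by the ps binary, which a user-space rootkit may replace."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(token) for token in out.split()}


def cross_view_diff(kernel_view, tool_view):
    """Objects visible through the /proc view but absent from the tool's view."""
    return sorted(kernel_view - tool_view)


# Constructed sample data: sshd on 22 is listed by ss, but a second LISTEN
# socket on port 0x7A69 (31337) is present in /proc/net/tcp and missing from ss.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18420 1 0000000000000000 100 0 0 10 0
   1: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:B7E2 01 00000000:00000000 00:00000000 00000000     0        0 19001 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
"""


def audit_live_system():
    """Run both comparisons against the running Linux host (requires ps and ss)."""
    with open("/proc/net/tcp") as fh:
        kernel_ports = listening_ports_from_proc_net_tcp(fh.read())
    ss_out = subprocess.run(["ss", "-H", "-ltn"],
                            capture_output=True, text=True, check=True).stdout
    return {
        "hidden_pids": cross_view_diff(pids_from_proc(), pids_from_ps()),
        "hidden_ports": cross_view_diff(kernel_ports, ports_from_ss_output(ss_out)),
    }


if __name__ == "__main__":
    # Demonstrate on the constructed sample first, then on the live host.
    sample_hidden = cross_view_diff(listening_ports_from_proc_net_tcp(SAMPLE_PROC_NET_TCP),
                                    ports_from_ss_output(SAMPLE_SS_OUTPUT))
    print("sample: listening ports hidden from ss:", sample_hidden)
    print("live host:", audit_live_system())
```

A process that is in the middle of exiting can appear in /proc and vanish before ps runs, so a single hit should be re-checked rather than treated as conclusive; repeated or persistent discrepancies, or a listening port that no tool will show, are what warrant a memory or offline-disk investigation.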
Backdoor Mechanisms
Rootkits almost without exception also provide attackers with remote backdoor access to compromised systems. One of the most common ways of providing this kind of access is creating encrypted connections such as secure shell (SSH) connections that not only give attackers remote control over compromised systems, but also encrypt information to prevent it from being available for analysis by network-based intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) as well as network monitoring tools. Additionally, SSH implementations used in connection with rootkits require entering a username and password, thereby also helping prevent