
The most dangerous Rootkit

Dubbed "Mebroot," the rootkit infects the master boot record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software.

"You can't execute any earlier than that," F-Secure's chief research officer, Mikko Hypponen, said.

Once a machine is infected, the hacker controlling the rootkit has complete control over the victim's machine, opening up the potential for a variety of other attacks.

For example, the hacker could try to download other malicious software to the machine to log a person's keystrokes and collect financial or personal data.

It's still unknown how widespread Mebroot is. VeriSign's iDefense Intelligence Team has said 5,000 users were infected in separate attacks on Dec. 12 and Dec. 19.

What is a rootkit: The name for a kit of hacker utilities placed on a UNIX machine after a successful compromise. A typical rootkit includes a password sniffer, log cleaners, replacement binaries for common programs on the system (e.g. inetd), backdoor programs, and replacements for programs like ls and find so that they will not reveal the presence of the rootkit files. Key point: A rootkit contains many trojaned programs. These programs are used to allow the hacker entry back into the system and to hide the presence of the hacker.

