Join Malcolm Shore for an in-depth discussion in this video Hiding malware with rootkits, part of Foundations of Cybersecurity.
- View Offline
- Malware using the basic hiding and cloaking techniques…can be detected by a knowledgeable investigator.…Consequently, the more sophisticated attackers…have developed techniques which install malware…not just as an application or process,…but deep into the heart of the operating system.…This kind of malware is known as a rootkit.…In order to deploy a rootkit,…an attacker must first penetrate a target's system and then…use what's known as a dropper to install the rootkit,…which it either carries as a payload,…or subsequently downloads.…
The job of the dropper is to check…whether the rootkit already exists on the system,…whether the system is operating inside of a virtual machine,…and special checks such as…the country in which it's operating.…Then once it's satisfied that this is…a legitimate and available target,…it inserts the rootkit into the system,…makes sure it can restart after a system boot,…and starts it running.…A rootkit doesn't exploit vulnerabilities.…It's designed to hide, operate,…and carry out its mission using normal system functions.…
By the end of this course, you'll have a greater understanding of the threats that affect private, corporate, and government networks, and the knowledge to prevent attacks and defeat them.
- Dissecting cyber risk
- Working with NIST, COBIT 5, DSS05, and other frameworks
- Exploring cybercrime
- Understanding how malware hides
- Selecting security controls
- Managing user access and identity
- Monitoring your network
- Managing incident response