A user mode rootkit modifies applications at the user level and provides backdoor access; however, it can be picked up by antimalware protection. A kernel mode rootkit is more effective, because it places the rootkit at the same privilege level as the OS and the antimalware software itself.
- [Instructor] To develop a rootkit, a hacker can use a freely available rootkit creator program, which generally has a graphical user interface and allows you to select options such as opening the CD player, generating pop-ups, or disabling the antivirus. In general, though, they can only do limited activities. A truly effective rootkit is written by a professional programmer. Rootkits are almost always designed to run with superuser privileges that are normally reserved for the sysadmin or root user.

A good rootkit will sniff passwords, create hidden directories, and avoid any security measures designed to pick up any activity as it communicates with the network. Identifying rootkit behavior can be difficult, as a rootkit is designed to avoid being detected by deleting any evidence of processes the attacker has generated, and even remove the rootkit when the job is complete. Many times they are only identified by a rootkit scanner.

Now rootkits try to stay hidden using active and passive methods. An active offense would include disabling…
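The transcript notes that rootkits are often only found by a rootkit scanner. The technique most scanners build on is a cross-view comparison: gather the same inventory (here, the running process IDs) through two independent paths and flag anything one path reports that the other does not. The script below is an added example written for this page, not code from the course or its instructor; it assumes a Linux host with `/proc` mounted, and the function names (`pids_from_proc_listing`, `pids_by_probing`, `hidden_pids`) are my own.

```python
"""Cross-view hidden-process check (added example; assumes Linux with /proc)."""
import os


def pids_from_proc_listing():
    """View 1: PIDs that appear in a directory listing of /proc.

    This is the view tools like `ps` use, and it is the one a user mode
    rootkit typically falsifies by hooking the library's readdir().
    """
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_by_probing(max_pid):
    """View 2: PIDs that exist when probed one by one with kill(pid, 0).

    Signal 0 delivers nothing; it only asks the kernel whether the PID
    exists. A rootkit that lies only in readdir() cannot hide from this.
    A kernel mode rootkit can lie in both views, which is why the
    transcript calls it harder to detect.
    """
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue            # no such process
        except PermissionError:
            found.add(pid)      # exists, but owned by another user
    return found


def hidden_pids(listed, probed):
    """PIDs present in the direct probe but missing from the listing.

    A non-empty result is a discrepancy worth investigating; a process
    that exited between the two snapshots is the benign explanation, so
    re-run before raising an alert.
    """
    return sorted(probed - listed)


def read_pid_max(path="/proc/sys/kernel/pid_max"):
    """Upper bound for the probe; falls back to the classic 32768 if unreadable."""
    try:
        with open(path, encoding="ascii") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 32768


if __name__ == "__main__":
    listed = pids_from_proc_listing()
    probed = pids_by_probing(read_pid_max())
    suspects = hidden_pids(listed, probed)
    if suspects:
        print("PIDs visible to kill(0) but absent from /proc listing:", suspects)
    else:
        print("No hidden processes found across", len(listed), "listed PIDs")
```

Run it as root so that `PermissionError` does not mask anything; on a clean host the two views agree. The same idea extends to files (directory listing versus direct `stat` by name), sockets (`/proc/net/tcp` versus a port scan of localhost), and loaded modules, which is how scanners such as those covered later in the course triangulate what a rootkit is hiding.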
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits