Vulnerability Development mailing list archives
Re: Positive uses for rootkits
From: Jonathan James <Jonathan () SECURITO SE>
Date: Fri, 23 Mar 2001 20:34:47 +0100
1. Are most rootkits simply shell scripts or real programs?
Most rootkits are installed as Operating System Modules:

Win95/Win98/WinME: - .VxD files
Windows NT/2000 - .sys files
Linux - LKMs (Linux Kernel Module)

With Kernel Modules installed you've generally got 100% control of the current hosting operating system. This means that you can filter output that is sent to the user, hook into the filesystem calls etc. Kernel modules are hard to detect (for the common everyday user) and can be installed so that they are hard to remove.
2. Would there be any way to stop programs from overwriting those files with programming calls? (Maybe making them read-only and modifying chmod...)
Anything is possible when you've penetrated the OS layer. For more information and examples check out the KNARK rootkit by Creed for Linux (http://packetstorm.securify.com/UNIX/penetration/rootkits/knark-0.59.tar.gz) or Greg Hoglund's Windows rootkit (www.rootkit.com).

Yours Sincerely
Jonathan James
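A defender's cross-view check for the point in the message above that a kernel module can filter what the user is shown, as an added example that is not part of the original post: it compares the module list in /proc/modules with the entries under /sys/module and reports names that appear in only one view. It assumes the sysfs layout of current Linux kernels, where each loadable module directory holds an `initstate` file and built-in entries do not; the function names and the sample module names are constructed for illustration.

```python
import os
import tempfile

def parse_proc_modules(text):
    """Module names from /proc/modules-format text (name is the first field)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def sysfs_loaded_modules(sys_module_dir):
    """Names under a /sys/module-style tree that carry an 'initstate' file.

    Assumption: built-in code with parameters also appears there, but
    without 'initstate', so it is skipped."""
    return {
        name for name in os.listdir(sys_module_dir)
        if os.path.isfile(os.path.join(sys_module_dir, name, "initstate"))
    }

def cross_view(proc_names, sysfs_names):
    """Modules present in one view but absent from the other."""
    return {
        "missing_from_proc": sorted(sysfs_names - proc_names),
        "missing_from_sysfs": sorted(proc_names - sysfs_names),
    }

def demo():
    """Run the comparison on constructed sample data (not a real capture)."""
    proc_text = (
        "ext4 737280 1 - Live 0x0000000000000000\n"
        "e1000 155648 0 - Live 0x0000000000000000\n"
    )
    with tempfile.TemporaryDirectory() as root:
        # 'example_hidden' is a constructed name: loaded, but absent from proc_text.
        for name in ("ext4", "e1000", "example_hidden"):
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, "initstate"), "w") as fh:
                fh.write("live\n")
        os.makedirs(os.path.join(root, "printk", "parameters"))  # built-in entry
        return cross_view(parse_proc_modules(proc_text), sysfs_loaded_modules(root))

if __name__ == "__main__":
    if os.path.exists("/proc/modules") and os.path.isdir("/sys/module"):
        with open("/proc/modules") as fh:
            live = cross_view(parse_proc_modules(fh.read()),
                              sysfs_loaded_modules("/sys/module"))
        print("live system:", live)
    print("constructed sample:", demo())
```

A mismatch is a lead to investigate (a module loading or unloading between the two reads produces one too), and an empty result does not clear the host, since code running in the kernel can tamper with both views.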