Topic: Rootkits

Graham (Administrator)
Rootkits
« on: August 25, 2013, 07:52:50 AM »
Introduction & Background (from Malwarebytes Anti-Rootkit readme)

Malwarebytes Anti-Rootkit (MBAR) is a tool designed by Malwarebytes Corporation to detect and remove sophisticated, stealthy forms of malware called “Rootkits”. Rootkits are hidden forms of malware which most normal malware scanning tools cannot detect or remove.

Background:

Rootkits have the ability to infect the very core or ‘root’ of an operating system and hide the existence of certain processes and malicious programs from normal methods of detection. Rootkits can also enable continued privileged access to a computer to make system level modifications, leaving the system heavily compromised.

Malwarebytes Anti-Rootkit (MBAR) is designed to counteract malicious attempts to subvert base core subsystems of an OS which usually make it impossible to detect rootkits using conventional methods. Besides the general functionality of allowing a user to detect and remove rootkits automatically, MBAR contains a set of tools allowing an experienced user to perform some actions to locate unknown rootkits and remove them manually. To protect itself from being terminated by a rootkit or other malware, MBAR uses Malwarebytes Chameleon technologies which prevent modification or removal of MBAR by malware which may reside on the system.

This allows MBAR to complete the detection and removal process regardless of such attacks. MBAR uses an active internet connection to keep its database up to date to ensure that the most current definitions are used in order to detect and remove the latest 0-day rootkits.

End --


Rootkits install all sorts of payloads buried deep inside the operating system which include keyloggers, back-door access and making your computer part of a botnet.

Apart from spying on everything you do, they also steal all passwords and login data, especially to banks and commercial sites. This information is then sold on to others who specialise in stealing money via the internet.

Some of this malware can turn your video camera on and watch/record you as you go about your daily business.

Rootkits are not only the tools of choice for criminals, but commercial enterprises and governments also, because they remain hidden from view and can even be sent to sleep until such time as they are required.

There is no way that you can fully protect yourself from this malware on any computer that has access to any network or the internet, but there are steps that you can take to mitigate the problem.


There are programmes available that will create a VM (Virtual Machine or Sandbox) on your computer, from which you can safely browse the internet and even install programmes. The VM will not block malware or viruses but offers a safe environment within which you can check things out. After the session you will be asked if you want to keep anything that was downloaded or installed via the VM and if the answer is 'no', then upon closing the session everything that was opened, run, downloaded or installed will be completely wiped from your machine.

This is possible because the VM is a sandboxed temporary copy of your operating environment - nothing gets out into the real environment unless you specifically give it permission. The real environment is invisible to the malware as it can only see the VM.

Also installing good quality anti-virus and anti-malware programmes with firewall on your computer and keeping them up-to-date is very important. Do not rely on one programme for everything.

I have Zonealarm Extreme, Malwarebytes anti-malware (MBAM), Malwarebytes anti-rootkit (MBAR) and Microsoft Windows Defender. My system is scanned twice per day and all files are checked upon opening or downloading.

My system has still been infected on rare occasions by visiting booby-trapped sites or copying a file from some external media, but so far infections have never reached the point of installing themselves or doing any damage.


You can download MalwareBytes' Anti-Malware (MBAM) from here: http://www.malwarebytes.org/mbam.php

You can download MalwareBytes Anti-rootkit (MBAR) from here: http://www.malwarebytes.org/products/other_tools/

You should also download the software called Chameleon which will force Malwarebytes software to run even if malware tries to prevent it - and most of the worst kinds of malware prevent all antivirus and malware removal tools from working or updating.

This software is free for personal use - professional versions are available at low cost.

Graham
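The hiding that Graham's post and the MBAR readme describe (a rootkit filtering what the normal process listing shows) is classically checked by comparing two independent views of the system and reporting where they disagree. The following is an added illustration, not part of the thread and not MBAR's or Malwarebytes' code; it is written for Linux, where the "normal" view is the /proc directory listing that ps and top read, and the second view is a brute-force probe of every PID with signal 0. The pid_max limit, the Tgid check and the double listing are my own design choices for this example.

```python
"""Cross-view process enumeration on Linux (added example, not from the thread).

A rootkit that hides a process usually filters the directory listing of /proc,
which is what ps and top rely on. Intercepting every other way a PID can be
observed is much harder, so comparing two independent views and reporting the
differences is a standard detection check (the approach used by tools such as
unhide). Run as root for full coverage. A reported PID is a lead to
investigate, not proof of infection.
"""
import os


def listed_pids():
    """View 1: PIDs visible in a plain directory listing of /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_exists_by_signal(pid):
    """View 2: probe a PID with signal 0 (nothing is delivered).

    ProcessLookupError means no such process; PermissionError means the
    process exists but belongs to another user, which still proves existence.
    """
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def thread_group_id(pid):
    """Return the Tgid from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def probed_pids(max_pid):
    """Brute-force every PID up to max_pid with the signal-0 probe.

    kill() also answers for thread IDs, so only thread-group leaders are kept;
    otherwise every multi-threaded program would look like a hidden process.
    """
    found = set()
    for pid in range(1, max_pid + 1):
        if not pid_exists_by_signal(pid):
            continue
        tgid = thread_group_id(pid)
        if tgid is None:
            # Status unreadable: either the process exited between the two
            # calls (re-probe and skip) or its /proc entry is hidden (keep).
            if not pid_exists_by_signal(pid):
                continue
            found.add(pid)
        elif tgid == pid:
            found.add(pid)
    return found


def hidden_candidates(view_listing, view_probe):
    """Pure comparison: PIDs the probe saw but the listing did not."""
    return sorted(view_probe - view_listing)


def scan(max_pid=None):
    """Full scan; max_pid defaults to the kernel's pid_max."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    # Take the listing before and after the probe so a process that merely
    # started or exited during the scan is not reported as hidden.
    before = listed_pids()
    probe = probed_pids(max_pid)
    after = listed_pids()
    return hidden_candidates(before | after, probe)


if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers kill() but is missing from the /proc listing")
```

The comparison is kept in a pure function (hidden_candidates) so the logic can be exercised with constructed PID sets; on a live machine, run the script as root and treat any reported PID as something to examine with a second tool or from a clean boot medium, since a rootkit that hooks the kernel itself can lie to both views.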

Jewell (Hero Member)
Re: Rootkits
« Reply #1 on: August 25, 2013, 02:00:57 PM »
Dear Sri Graham,

Thank You so much for sharing and explaining all this! It is truly a wonder what they can do, and how many ways they are using to jeopardize people's privacy.

I have noticed what You have said about the possibility to turn on our computer camera and watch us. I am not sure if that is it, but once I noticed a sound like taking a picture coming from my computer. From that moment, I put a sticker on my laptop camera.

Thank You once more, Sir!


With love and prayers,
« Last Edit: August 25, 2013, 08:50:15 PM by Jewell »