Rootkits, as we know them now, came into being sometime in the mid 1990s. At that time, system administrators running Sun's UNIX operating system started seeing strange server behavior: disappearing disk space and CPU cycles, and network connections that did not show up in the output of netstat. By implementation technique, rootkits fall into three main classes today: binary kits, kernel kits and library kits. The first class achieves its goal by replacing certain system files with Trojaned counterparts. The second uses Trojaned kernel components (also called modules), and the third employs Trojaned system libraries. Rootkits found in the wild (such as those captured on honeypots) often combine Trojaned binaries with the higher "security" provided by the kernel and library components.
Credit:
The paper is available for download at: http://www.idefense.com/idpapers/Rootkits.pdf.
The linked paper gives an overview of rootkit functionality, the different types of rootkits, and some case studies of captured rootkits.
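The binary-kit class described above is the one a file-integrity baseline catches: a Trojaned ls, ps or netstat no longer matches the hash recorded from a known-clean system. The following checker is an added example, not code from the paper or from iDefense; the file names and contents are constructed for the demonstration.

```python
"""Baseline integrity check aimed at binary-kit rootkits (added example).

A binary kit replaces system binaries with Trojaned copies. A hash manifest
taken on a clean host and kept off-box reveals the substitution later.
File names and contents below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile

MONITORED = ("ls", "ps", "netstat")  # typical binary-kit replacement targets


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str, names) -> dict:
    """Record the hash of every monitored binary under `root` (run on a clean host)."""
    return {name: sha256_of(os.path.join(root, name)) for name in names}


def check_baseline(root: str, baseline: dict) -> dict:
    """Compare live files with the baseline; returns {name: 'modified' | 'missing'}."""
    findings = {}
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            findings[name] = "missing"
        elif sha256_of(path) != expected:
            findings[name] = "modified"
    return findings


def demo() -> dict:
    """Simulate a binary kit swapping out netstat and deleting ps (constructed files)."""
    with tempfile.TemporaryDirectory() as root:
        for name in MONITORED:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = build_baseline(root, MONITORED)
        with open(os.path.join(root, "netstat"), "wb") as f:  # simulated Trojan
            f.write(b"trojaned netstat")
        os.remove(os.path.join(root, "ps"))
        return check_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())  # {'netstat': 'modified', 'ps': 'missing'}
```

The checker trusts the kernel and its own binary, so against the kernel and library classes the manifest and the hashing tool should be run from trusted media rather than from the suspect host.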