Chapter 8. Rootkits
Prashant Pathak
8.1 Introduction
Symantec Security Response defines a rootkit as follows [337]:
A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine.
The term “rootkits” originally referred to a modified set of commonly used UNIX utilities such as ps
, ls
, login
, passwd
, and netstat
. These kits were trojaned copies of original programs used by attackers to hide their traces on a victim machine. Once the victim machine was compromised, the attacker used these kits to replace original programs. The modified versions hide specific system information such as processes, files, ports, registry, and disk space related to the rootkit, thereby concealing the presence of the ...
Get Crimeware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.