Questions tagged [rootkits]

A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool).

169 questions

Can a powered down cell phone be turned on remotely?

I know this is tin-foil hat fodder, but at least one judicial opinion referenced a bug that could track/listen in on the subject "whether the phone was powered on or off," although that may have been a judge misinterpreting the technobabble spouted…
Sam Skuce

Why do malware creators use such clever technologies for such silly purposes?

Some days ago I got infected by malware, probably something new and very clever, as it went in unstopped and no scanning tool was able to detect it afterwards (see this question). It was a two-stage infection: first an obvious malware went in via…
Massimo

Linux-based Turla trojan

There are several articles describing the newly discovered Linux-based Turla trojan. But basically, all these articles repeat the same, very limited, information. Can anybody provide more details, such as: How do Linux machines get infected? Is…
Martin Vegter

Detecting and removing Absolute persistence technology

Absolute persistence technology amounts to a persistent rootkit pre-installed by many device manufacturers (Acer, Asus, Dell, HP, Lenovo, Samsung, Toshiba, etc) to facilitate LoJack for laptops, and other backdoor services: The Absolute persistence…
sampablokuper

How would one know if they have a rootkit?

Are they impossible to detect? Seeing as the attacker has admin rights and could modify antivirus software that might otherwise be used to detect or circumvent a rootkit. Are there certain red flags that point to a rootkit? Can they see…
DBroncos1558

What is a rootkit?

As a followup to "Tripwire - Is It Security Theater", I'm looking to get a better idea of what a rootkit is. To be more clear: What is a kernel module? What at high-level is the flow for how it's loaded, and why/what memory is of value? Do linux…
blunders

Can a Trojan hide itself, so its activity doesn't appear in task manager process?

Can malicious software hide itself, so its activity doesn't appear in the list of processes from Task Manager? Can it hide itself so when someone is controlling your computer, even if you open Task manager, you won't see any suspicious activity? If…
Steve

Unknown malware, how to report it and whom to report it to?

I'm a professional Windows system administrator, but I've been caught off-guard (or maybe some malware writer has been very clever) and I caught some unknown malware on my home computer (Windows 7 x64 SP1); it must be a very recent one and/or of a…
Massimo

Detecting malware-infected USB drives

I'm about to distribute some relatively cheap promotional USB drives to some of my company's clients. I'm fairly confident the company I purchased them from wouldn't intentionally implant malware on the drives - but they were pretty cheap - how can…
Myer

Why do rootkits hide in drivers?

A lot of rootkits for Windows (maybe even Linux?) do hide in drivers. Why is that? One reason I can think of is that using a driver they run in kernel mode and have full system access, but aren't there easier ways to accomplish this? Or are there…
Erik

Which Linux kernel vulnerabilities allow installing a kernel-level rootkit?

My question is related to vulnerabilities that allow installing a Linux kernel-level rootkit (for example, to modify the execution flow inside the kernel; for return-oriented attacks; or to modify some structures in order to hide certain…

What risk does Carrier IQ pose, exactly?

There has been a lot of discussion about Carrier IQ, monitoring software that is pre-installed on many Android phones. Many allegations have been thrown out. My questions: What exactly does Carrier IQ do? What information does/doesn't it record on…
D.W.

Are there ways to protect the guest kernels at the hypervisor level?

Let's say I have a Linux guest running in Xen and I want Xen to check the integrity of the guest kernel so that I know there aren't any rootkits, or similar, active. Is there a way to accomplish this with Xen or other hypervisors?
baj

Is it possible for a phone to be transmitting even while turned off and the battery removed?

Is it technically or theoretically possible for any part of a mobile phone's circuitry to be still on and transmitting even while turned off and the battery has been removed? If so, how? I am thinking perhaps it could remain in a low power state and…
user20702

Concrete real-life examples where grsecurity prevented an exploit

From a theoretical point of view, the grsecurity kernel patch looks like a great hardening tool. Most importantly, PaX seems like a good idea. Do these theoretical advantages have indeed practical effect in preventing malware attack/exploits/rootkits…
Martin Vegter