A rootkit is a program, or a collection of programs, that an attacker installs on a compromised system to keep privileged access and to hide that access from the system's administrators. Rootkits come in many shapes and styles, some far more advanced than others, but their purpose is the same: to help the attacker keep the position of root. A rootkit is usually installed only after the system has been successfully compromised and the highest level of access (normally root) has been obtained. Many rootkits cannot be installed without root at all, because they replace system binaries, modify configuration files or load kernel modules, and the files involved are readable and writable only by root. Once the attacker has root, he or she can install the rootkit, which then lets the attacker cover their tracks, for example by wiping or editing log files and by hiding the processes, files and network connections the attacker uses.
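Because a classic user-mode rootkit works by replacing system binaries such as ls, ps and netstat with trojaned copies, the standard defence is a file integrity baseline taken while the system is still trusted. The following Python is an added example written for this page (it is not code from the original article): it records SHA-256 hashes of a set of files, then re-checks them and reports anything changed or missing. To run offline it builds a few constructed stand-in "binaries" in a temporary directory and simulates a rootkit replacing one of them and deleting another; the file names and contents are assumptions for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Map each path to its hash; this is taken while the host is still trusted."""
    return {p: sha256_of(p) for p in paths}


def check_baseline(baseline):
    """Return (changed, missing) lists of paths that no longer match the baseline."""
    changed, missing = [], []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            missing.append(path)
        elif sha256_of(path) != digest:
            changed.append(path)
    return sorted(changed), sorted(missing)


def demo():
    """Constructed scenario: three stand-in binaries, then a simulated rootkit install.

    Returns the base names of changed and missing files so the result is
    independent of the temporary directory's location.
    """
    root = tempfile.mkdtemp(prefix="rootkit-demo-")
    # Constructed sample "system binaries" (assumed names and contents).
    originals = {
        "ls": b"#!/bin/sh\nexec /bin/ls \"$@\"\n",
        "ps": b"#!/bin/sh\nexec /bin/ps \"$@\"\n",
        "netstat": b"#!/bin/sh\nexec /bin/netstat \"$@\"\n",
    }
    paths = {}
    for name, body in originals.items():
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(body)
        paths[name] = p

    baseline = build_baseline(list(paths.values()))

    # Simulated rootkit: ps is replaced by a copy that filters out the
    # attacker's process, and netstat is removed outright.
    with open(paths["ps"], "wb") as f:
        f.write(b"#!/bin/sh\nexec /bin/ps \"$@\" | grep -v backdoor\n")
    os.remove(paths["netstat"])

    changed, missing = check_baseline(baseline)
    return ([os.path.basename(p) for p in changed],
            [os.path.basename(p) for p in missing])


if __name__ == "__main__":
    changed, missing = demo()
    print("changed:", changed)
    print("missing:", missing)
```

Two caveats apply on a real host. The baseline and the checking tool must be stored off the host (or on read-only media), because a rootkit with root can just as easily patch the hash database or the checker itself; and a kernel-mode rootkit that intercepts file reads can return the original bytes to the checker while running the trojaned code, so integrity checking from inside the running system is a detection aid, not proof of a clean host.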