Jlhoffman Support

Thursday, 4 July 2013

What The Heck Is Rootkit Malware?

Posted on 14:16 by Unknown
Essentially, a rootkit is a rogue program that embeds itself deep in your computer, either within the operating system or at an even deeper level such as the kernel or the Master Boot Record (MBR), in order to hide from traditional virus removal techniques. Rootkits differ from traditional malware in that regular malware tries to pass as "just another program" on your computer, while a rootkit tries to pass itself off as part of the operating system or a component of your hardware, and that is much tougher to detect.

Rootkits employ a variety of techniques to gain control of a system. Here are a few of the major areas they target:

  • The O/S kernel – the core of your operating system
  • Hardware/firmware – the embedded code that drives the hardware components in your PC
  • The Master Boot Record (MBR) – the area that defines how your hard drives are structured and loaded

Once installed, a rootkit works to hide its presence by subverting or evading the standard security tools used for detection. It does this by modifying the behavior of core parts of your system. The fundamental problem with rootkit detection is that once the operating system has been compromised, it can't be trusted to find unauthorized modifications to itself or its components.

Antivirus products rarely catch all rootkits, even though security vendors incorporate rootkit detection into their products. Some attackers even use counterattack mechanisms that can turn off or disable antivirus programs. Signature-based detection can be effective against well-publicized rootkits, but it will fail against better-written rootkits or recently introduced ones that haven't "made the list" yet.

How to remove a Rootkit
Manual removal of a rootkit is often too difficult for a typical computer user. Some experts believe the only reliable way to remove one is to reinstall the operating system from scratch. Don't give up hope, though. Booting from trusted media can sometimes allow an infected system volume to be mounted without the malware starting up; the volume can then potentially be cleaned safely and critical data copied off.
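The two ideas above, that a compromised operating system cannot be trusted to report on itself and that booting from trusted media lets you inspect the volume with the malware dormant, combine into a defender's technique called a cross-view check. The script below is an added example, not code from the original post or from ACT: it hashes files from an offline mount taken from trusted media, compares them against a known-good baseline, and then compares the offline view against what the running OS reported. The file names, contents and the "rk.sys" driver name are constructed sample data, and `hash_tree` is a helper for running the same comparison against a real mounted volume.

```python
"""Cross-view integrity check for a possibly rootkitted system volume.

Added example (not from the original post). Three views of the same set of
system files are compared:
  baseline      - known-good SHA-256 hashes recorded when the machine was clean
  offline_view  - hashes taken while booted from trusted media (malware dormant)
  live_view     - hashes/listing reported by the running, possibly compromised OS
Any disagreement between offline_view and live_view means the running OS is
hiding or misreporting something, which is exactly what a rootkit does.
"""
import hashlib
import os
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str) -> Dict[str, str]:
    """Walk a real directory (for example an offline-mounted system volume) and
    return {relative_path: sha256}. Run this from trusted boot media."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "rb") as fh:
                    digests[rel] = sha256_hex(fh.read())
            except OSError:
                continue  # unreadable file: skipped here, worth logging in practice
    return digests


def cross_view_findings(baseline: Dict[str, str],
                        offline_view: Dict[str, str],
                        live_view: Dict[str, str]) -> List[str]:
    """Return one finding per discrepancy; an empty list means all views agree."""
    findings: List[str] = []
    # 1. Integrity: what is on disk (seen offline) versus the known-good baseline.
    for path, good in sorted(baseline.items()):
        seen = offline_view.get(path)
        if seen is None:
            findings.append(f"MISSING  {path}: in baseline, not on disk")
        elif seen != good:
            findings.append(f"MODIFIED {path}: hash differs from baseline")
    # 2. Files on disk that the baseline never knew about.
    for path in sorted(set(offline_view) - set(baseline)):
        findings.append(f"UNKNOWN  {path}: on disk but not in baseline")
    # 3. Cross-view: on disk, but the running OS does not list it (hidden file).
    for path in sorted(set(offline_view) - set(live_view)):
        findings.append(f"HIDDEN   {path}: on disk but not visible to the running OS")
    # 4. Cross-view: the running OS reports different content than the disk holds.
    for path in sorted(set(offline_view) & set(live_view)):
        if offline_view[path] != live_view[path]:
            findings.append(f"SPOOFED  {path}: running OS reports different content than disk")
    return findings


# --- Constructed sample data (stand-ins for real system files) ---------------
BASELINE_FILES = {
    "system32/ntoskrnl.exe": b"KERNEL-IMAGE-v1",
    "system32/drivers/disk.sys": b"DISK-DRIVER-v1",
    "system32/winlogon.exe": b"WINLOGON-v1",
}
KNOWN_GOOD = {p: sha256_hex(c) for p, c in BASELINE_FILES.items()}

# Offline view from trusted media: disk.sys was patched and an extra driver
# (constructed name "rk.sys") was dropped next to it.
OFFLINE_FILES = dict(BASELINE_FILES)
OFFLINE_FILES["system32/drivers/disk.sys"] = b"DISK-DRIVER-v1-PATCHED"
OFFLINE_FILES["system32/drivers/rk.sys"] = b"HIDDEN-DRIVER"
OFFLINE_VIEW = {p: sha256_hex(c) for p, c in OFFLINE_FILES.items()}

# Live view: the compromised OS omits rk.sys from listings and hands back the
# original disk.sys content when asked, so it "matches" the baseline.
LIVE_VIEW = dict(OFFLINE_VIEW)
del LIVE_VIEW["system32/drivers/rk.sys"]
LIVE_VIEW["system32/drivers/disk.sys"] = KNOWN_GOOD["system32/drivers/disk.sys"]


def demo() -> List[str]:
    """Run the check over the constructed sample views."""
    return cross_view_findings(KNOWN_GOOD, OFFLINE_VIEW, LIVE_VIEW)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

On the sample data the check reports disk.sys as MODIFIED and SPOOFED and rk.sys as UNKNOWN and HIDDEN; a scan run only from inside the live OS would have reported nothing, which is the whole point of taking the offline view. The baseline must come from a clean state (for example, hashes recorded right after a fresh install) and be stored somewhere the compromised machine cannot alter.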

Defending your computer
System hardening is one of the first layers of defense for keeping a rootkit from entering your system in the first place. Applying security patches, reducing the attack surface and installing antivirus software are standard security best practices. Once these steps are in place, routine monitoring is still required.

A final word of caution
If you're not familiar with detecting and removing malware, it's a good idea to turn your computer over to a professional who is. Not all computer technicians are proficient in this area, and you don't want anyone "experimenting" on your system. Some techs take the attitude of "screw it, let's just reformat this sucker!" and you'll lose potentially recoverable data. Others may dramatically overcharge and are only sometimes effective at getting the job done. For example, the standard flat fee from The Geek Squad at Best Buy is usually between $250-$300, while our carry-in fee is usually about half of that and we guarantee our work.

Unfortunately, there is no single silver bullet that will clean your system in one pass. ACT technicians use a cocktail of many different tools in a blend that removes malware and saves your data about 95% of the time. That blend of tools changes frequently as threats morph and different packages prove more or less effective on new threats. Fighting malware is a constantly changing environment. Gone are the days when we fought 6,000 to 7,000 new threats each year. Kaspersky Labs reported that by the end of 2012 the proliferation of new malware had reached an average of 200,000 new threats each day!

If you need help disinfecting your computer or server, contact ACT for help from an experienced security professional by calling (847) 639-7000 or emailing support@act4networks.com.