
Rootkits and Kinds Of Rootkits



The rootkit was first introduced on the SunOS operating system by Lane Davis and Steven Dake. The technology was used by root on Unix (the equivalent of the System Administrator on Windows), and it served to recover a root password that had been forgotten.

The term rootkit became more famous after a world-class music company applied the technique to protect its music CDs from piracy. Although the technology can prevent piracy, its use allowed malicious applications to piggyback on the rootkit the music company had planted.

Rootkit techniques are prone to being used for malicious purposes. You may remember viruses such as Alman or Bacalid, which use rootkit techniques and are therefore difficult to detect. Removal tools could not clean them 100%, because malicious programs that use rootkit technology run resident and are hard to detect. Such a program is invisible to the naked eye, runs silently, and carries out attacks without you ever knowing. The rootkit is basically a technology that can also be used for good and helpful purposes. Examples are its use in antivirus applications, firewalls, software protection, DRM (Digital Rights Management), and disc media emulation applications such as daemontools. However, rootkit techniques can also be used to create malicious applications that are difficult to overcome.

Kinds of Rootkits

Based on the target attacked, rootkits are divided into 6 types, namely:

1. Application Rootkit
An application rootkit is created by modifying the binary code of an application directly, commonly referred to as binary code patching. Rootkits of this type are usually found in trojan-type malware, which injects a virus into an object or system.

2. Library Rootkit
A library rootkit is a rootkit that targets libraries. A library is a file in which functions have been collected together to make it easier for programmers to create and develop applications. Library marked with the suffix "etc." as "kernel" ect".

3. Kernel Rootkit

Kernel rootkits run at the kernel level (the mode without protection restrictions), which on the x86 architecture is known as ring 0.

4. Bootloader Rootkit

A bootloader rootkit is the type of rootkit that resides in the MBR (Master Boot Record), so that it can control the course of booting the operating system. This type of rootkit is also known by the name Bootkit or "Evil Maid Attack".

5. Hypervisor Level Rootkit
This type of rootkit is able to virtualise the original operating system so that it becomes a guest operating system, which lets the rootkit take over the entire control of the operating system. One existing rootkit of this type is SubVirt, a virtual machine based rootkit developed by Microsoft and the University of Michigan.

6. BIOS rootkits

BIOS rootkits, also called firmware rootkits, are the most dreadful kind, sitting at the deepest level: they live in the firmware and become active when all the initial activity of the computer occurs.

Response


There are several ways to clean malicious programs that use rootkit technology from computers that have been infected. The method used depends on the type of rootkit involved, so we need to know in advance which type of rootkit has infected our computer. To detect the rootkit, you should run the infected computer as a slave and use a PE (preinstalled environment) operating system or a liveCD to investigate. There are very many LiveCD operating systems of this type, such as DSL (Damn Small Linux)-ever default on a DVD, and many more. Scan using special software designed to clean rootkits, then investigate the areas that rootkits are prone to inhabit. Because cleaning a rootkit is very closely tied to the operating system's configuration, it is better to ask for help from people who have the expertise to do so, because it can be fatal if you aren't careful.

AVI vs Rootkit
At present, AVI is not designed to deal with rootkits. AVI is currently in transition to, or developing, its latest version (version 3), one of whose features is Anti-Rootkit. In addition, AVI version 3 also has many new features that will optimize your computer's security against attacks by malicious programs.
