Essentially, a rootkit is a rogue program that insinuates itself deep into your computer, either inside the operating system or at an even lower level such as the kernel or the Master Boot Record (MBR), in order to hide itself from traditional virus removal techniques. Rootkits differ from traditional malware in how they hide: regular malware tries to pass as "just another program" on your computer, while a rootkit tries to pass itself off as part of the operating system or as a component of your hardware, which is much tougher to detect.
Rootkits employ a variety of techniques to gain control of a system. Here are a few of the major areas they target:
· The O/S kernel – the core of your operating system
· Hardware/firmware – the embedded code that drives the hardware components in your PC
· The Master Boot Record (MBR) – the area which defines how your hard drives are structured and loaded
Once installed, a rootkit works to obscure its presence within your computer through subversion or evasion of the standard security tools used for detection. Rootkits do this by modifying the behavior of core parts of your system.
The fundamental problem with rootkit detection is that once the operating system has been compromised, it can't be trusted to find unauthorized modifications to itself or its components.
Antivirus products rarely catch all rootkits, even though security vendors incorporate rootkit detection into their products. Some rootkits even include counterattack mechanisms that turn off or disable antivirus programs. Signature-based detection can be effective against well-publicized rootkits, but it will fail against better-written rootkits or recently introduced ones that haven't "made the list" yet.
How to remove a Rootkit
Manual removal of a rootkit is often too difficult for a typical computer user. Some experts believe that the only reliable way to remove one is to re-install the operating system from scratch. Don't give up hope, though. Booting from trusted media (a clean CD, DVD or USB rescue environment) can sometimes allow the infected system volume to be mounted without the malware starting up; the volume can then often be cleaned safely, and critical data can be copied off. The key point is that the inspection happens from outside the compromised operating system, so the rootkit's hooks are not running while the disk is examined.
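To make the "inspect from trusted media" idea concrete, here is an added example (not part of the original post or ACT's procedure) that checks a mounted, non-running system volume against a SHA-256 baseline captured from a known-good install. The mount root, the baseline file list and the driver names in the demo are all hypothetical, constructed values.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_volume(mount_root: str, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare a mounted, non-running volume against a known-good baseline.

    baseline maps volume-relative paths to SHA-256 digests recorded on a clean
    install. Because the suspect OS is not running, none of its kernel hooks can
    filter what we read, which is the point of booting from trusted media.
    """
    root = Path(mount_root)
    report: dict[str, list[str]] = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(baseline.items()):
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_of(p) != expected:
            report["modified"].append(rel)
    # Files sitting in a baselined directory that the baseline never recorded.
    for d in sorted({str(Path(rel).parent) for rel in baseline}):
        for p in sorted((root / d).glob("*")):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and rel not in baseline:
                report["unexpected"].append(rel)
    return report

def demo() -> dict[str, list[str]]:
    """Constructed sample volume (hypothetical file names) with one tampered driver."""
    with tempfile.TemporaryDirectory() as tmp:
        drv = Path(tmp, "Windows/System32/drivers")
        drv.mkdir(parents=True)
        (drv / "disk.sys").write_bytes(b"good driver bytes")
        (drv / "ntfs.sys").write_bytes(b"TAMPERED")       # modified on disk
        (drv / "rk.sys").write_bytes(b"not in baseline")  # unexpected extra file
        baseline = {
            "Windows/System32/drivers/disk.sys": hashlib.sha256(b"good driver bytes").hexdigest(),
            "Windows/System32/drivers/ntfs.sys": hashlib.sha256(b"original ntfs").hexdigest(),
            "Windows/System32/drivers/null.sys": hashlib.sha256(b"absent").hexdigest(),  # missing
        }
        return verify_volume(tmp, baseline)
```

A real baseline would be generated on a clean install of the same OS version and patch level and stored off the suspect machine; a "modified" or "unexpected" entry is a lead to investigate, not proof of a rootkit by itself.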
Defending your computer
System hardening represents one of the first layers of defense to keep a rootkit from entering your system in the first place. Applying security patches, reducing the attack surface and installing antivirus software are some standard security best practices. Once these steps are in place, routine monitoring is still required.
A final word of caution
If you're not familiar with detecting and removing malware, it's a good idea to turn your computer over to a professional who is. Not all computer technicians are proficient in this area, and you don't want anyone "experimenting" on your system. Some techs take the attitude of "screw it, let's just reformat this sucker!" and you'll lose potentially recoverable data. Others may dramatically over-charge and are only sometimes effective at getting the job done. For example, the standard flat fee from The Geek Squad at Best Buy is usually between $250-$300, while our carry-in fee is usually about half of that and we guarantee our work.
Unfortunately, there is no single silver bullet that will clean your system in one pass. ACT technicians use a cocktail of many different tools in a blend that removes malware and saves your data about 95% of the time. That blend of tools changes frequently as threats morph and different packages prove more or less effective on new threats. Fighting malware is a constantly changing environment. Gone are the days when we fought 6,000 to 7,000 new threats each year. Kaspersky Labs reported that by the end of 2012 the proliferation of new malware reached an average of 200,000 new threats each day!
If you need help disinfecting your computer or server, contact ACT for help from an experienced security professional by calling (847) 639-7000 or emailing support@act4networks.com