Rootkits, Spyware and Ransomware

Rootkits

A rootkit is a collection of malicious computer software designed to gain access to a target computer, often while hiding its own existence or the existence of other software. The term rootkit is a concatenation of “root” (the privileged account on Unix-like operating systems) and the word “kit” (which refers to the software components that implement the tool).

A rootkit can be installed by an attacker directly, or remotely by exploiting a known vulnerability. Once installed, it hides and runs with administrator privileges. Rootkit detection is difficult because a rootkit intercepts the operating system calls made by antivirus software and returns a good version of the software. It either duplicates or replaces operating system files, which makes it difficult to detect.

Methods of Detection:

  • Behavioural-based methods

  • Signature scanning

  • Integrity scanning by taking snapshots

  • Memory dump analysis

The usual solution is to reinstall the operating system.

When dealing with firmware rootkits, removal may require hardware replacement or specialized equipment.

Spyware

Once installed on the target, this malware monitors every action on the target and reports it to the remote attacker. Cookie stealing, password stealing, identity theft and information theft are a few of the attacks commonly carried out using spyware.

Ransomware

Ransomware is malicious software that restricts access to computer system files and folders and demands an online ransom payment to remove the restrictions.

Usually, it encrypts the data, making the user pay a huge ransom to get the decrypted data.
