Sunday, March 31, 2019

How To Detect & Prevent Rootkits

How To Detect Rootkits

Cyber criminals are always finding new and creative ways to execute their ill intentions. One of the sneakiest, if not the sneakiest, is the rootkit. Even the most reputable and powerful anti-virus programs fail to detect them, because concealment is their very nature.

And if you are unlucky enough to be the victim of the wrong kind of rootkit, the only solution may be to replace your device entirely. Many organizations have fallen prey to these attacks, and recovery was challenging for them even after hiring security experts. In this, as in most cases, prevention is better than cure.

But do you know why I consider this the most dangerous kind of cyber threat? The answer is in the first paragraph. Most anti-virus software today can detect almost any kind of malicious activity, and vendors frequently update their signature libraries to cover newer and smarter threats.

But the rootkit is different. These programs are the F-32 bombers or Solid Snake of the cyber world: stealthy, powerful tools that are a lot harder, or near impossible, to detect through traditional methods.

Rootkits. What Are They?

Rootkits were not invented with bad intentions. But as Alan Grant said in Jurassic Park 3, "Some of the worst things imaginable have been done with the best intentions." The name combines "root", the highest-privileged (administrator) user, with "kit", the set of programs that implements the tool: a rootkit is a set of tools that lets its operator gain and keep root-level, that is administrator, access to a system.

This means it can operate remotely or remain dormant on your device and do whatever the cyber criminals want it to do to your phone or PC. A rootkit can automatically download malware, adware, bloatware, keyloggers and other fraudulent friends to your device. It can also grant its host app all kinds of permissions that you would never approve, and let it exploit your data.

Rootkits can also change your computer's or smartphone's behavior. One may slow your phone down, disguise itself as a system app, infect other apps you have, and the list goes on. There are many kinds of rootkits that cyber criminals have used over the past decade. You don't have to worry about all of them, but the bad guys are still out there, and the first line of defense is knowing your enemy.

Classification Of Rootkits

It has always been difficult to detect and remedy attacks involving this kind of software. To make things worse, there are 5 kinds of them. I'll discuss each of them in detail below.
  • Firmware rootkits
  • User mode rootkits
  • Memory rootkits
  • Bootkits (bootloader rootkits)
  • Kernel mode rootkits

Kernel Mode Rootkits

Before we go into what a kernel mode rootkit is, we should first understand the term "kernel". The kernel is the core of an operating system; it is responsible for managing the operations of a computer and its hardware.

The kernel mode rootkit targets the operating system of your device. It changes the way your system behaves, creating its own data structures or generating its own code. It resides among system apps, disguises itself as a system driver or program, or even hides within hardware; this is one of the reasons why most anti-virus programs won't detect it and why it is risky to remove.

The key purpose of altering your system drivers or programs is to gain administrative access to your operating system. On Windows they take advantage of the fact that device drivers and loadable modules execute with the same level of authority as the operating system's kernel. They can also completely compromise a 64-bit Windows operating system by manipulating the boot sequence.
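Because drivers run with the kernel's own authority, a defender's first question is whether every running driver is one you can still account for. The PowerShell below is an added example written for this post, not code from the article; it lists running kernel drivers, flags any whose image is not Authenticode-signed, and diffs the list against a baseline saved from a previous run. The baseline location and the path-normalisation rules in Resolve-DriverPath are assumptions; run it from an elevated prompt.

```powershell
# Added example (not from the original article): report running kernel drivers that
# are not cleanly signed, and highlight drivers that were absent at the last run.
# $BaselinePath is an assumed location; change it to suit your environment.
$BaselinePath = "$env:ProgramData\driver-baseline.json"

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports image paths in several forms; normalise the common ones.
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''            # \??\C:\...       -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\...  -> C:\Windows\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # system32\drivers\x.sys
    return $p
}

function Get-RunningDriverReport {
    Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' } | ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $status = 'NoFile'
        $signer = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()              # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name      = $_.Name
            Path      = $path
            SigStatus = $status
            Signer    = $signer
        }
    }
}

$report = Get-RunningDriverReport

# 1. Anything that is not cleanly signed deserves a closer look.
"Drivers without a valid signature:"
$report | Where-Object { $_.SigStatus -ne 'Valid' } | Format-Table -AutoSize

# 2. Compare with the previous run: a driver that was not there last time is worth explaining.
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    $known    = @($baseline | ForEach-Object { $_.Name })
    $new      = $report | Where-Object { $known -notcontains $_.Name }
    if ($new) { "New drivers since baseline:"; $new | Format-Table -AutoSize }
} else {
    $report | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
    "Baseline written to $BaselinePath"
}
```

The diff against a baseline matters more than the signature column: a rootkit that has already hooked the kernel's enumeration can hide from this very listing, so take the first baseline from a machine you trust and treat any driver that appears later, or any change in signer, as something to explain rather than as proof of compromise.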


Firmware Rootkits

Firmware rootkits exploit programs embedded in device firmware and install themselves in the firmware images used by network/LAN cards, BIOSes, Wi-Fi adapters, routers and other devices.
For example: you bought a new graphics card, but little did you know, attackers had compromised the company's driver package and planted a rootkit in it. As soon as you install the driver, the firmware rootkit is ready to do bad things to your system.

Memory rootkits

These infections are not permanent. Fortunately, they only last while the computer stays powered on; the moment you restart your computer, the memory is reset and everything is fresh again. Unfortunately, on smartphones they tend to stick around, because our phones are almost always kept running.
This rootkit loads itself into your device's memory and is, in many cases, responsible for slowing our devices down.

User Mode Rootkit

The user mode rootkit is also known as an application rootkit. It loads itself during your system's startup just like an ordinary user program would, or it may be delivered by a host program you downloaded from a dodgy site, or by whatever other creative way the attackers choose to infiltrate your device, depending on your operating system. What it usually does is change the behavior or functionality of smaller components of a parent program or app.
It usually disguises itself as, or infects, existing or downloaded apps and programs that you trust in order to exploit your system.

Bootkit Rootkit

The bootkit tampers with the boot sector of your machine's hard drive or its master boot record. Bootkits can destabilize the boot process and manipulate the operating system after it has booted. The bootloader rootkit, or bootkit, might be the most dangerous kind of rootkit.
Why? Because most anti-virus products can only detect threats within the operating system, not in the basic input/output system (BIOS). The BIOS is what brings your device up when you press the power button. Nor can they see into the very thing that stores the BIOS, i.e. the complementary metal-oxide-semiconductor (CMOS).
Bootkits are among the most dangerous threats right now because they dwell and dabble within the BIOS, the CMOS, or both at the same time.

Ways To Stay Safe?

Current operating systems such as iOS, Android, macOS and Windows constantly spend resources making their systems more secure. Google Play Services plays a big part in Android security. Vendors have successfully made these systems smart enough to detect and eliminate most of these threats, though not all of them.
Because of these defensive fortifications in our operating systems, attackers use ever more creative ways to mask malicious content.

Ways To Prevent Rootkit

  • Do NOT download programs or apps from untrustworthy or shady developers.
  • Before running an executable file, scan it with your system's anti-virus program.
  • Do not download pirated software, PDFs or pirated video content.
  • Do not visit sites that your web browser warns you not to go to.
  • Read the reviews or comments on the content you download.
  • Read reviews of the apps you download, even from the Play Store.
  • Stay aware of new cyber threats through research.
  • Avoid entering the deep web.
  • Always keep your anti-virus updated.
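Two of the items above, scanning an executable before you run it and keeping the anti-virus current, can be turned into one routine on Windows. The PowerShell below is an added example written for this post, not the article's own; it uses the Windows Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan, Get-MpThreatDetection) and treats the signature-age threshold and the sample download path as assumptions.

```powershell
# Added example (not from the original article): refuse to trust a scan from stale
# signatures, then scan and fingerprint a downloaded file before it is ever launched.

function Test-DefenderReady {
    param([int]$MaxSignatureAgeDays = 2)   # assumed threshold; tighten to taste
    $s   = Get-MpComputerStatus
    $age = (Get-Date) - $s.AntivirusSignatureLastUpdated
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeDays   = [math]::Round($age.TotalDays, 1)
        Ready              = ($s.RealTimeProtectionEnabled -and $age.TotalDays -le $MaxSignatureAgeDays)
    }
}

function Invoke-PreRunCheck {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "No such file: $Path" }

    $status = Test-DefenderReady
    if (-not $status.Ready) {
        "Signatures are $($status.SignatureAgeDays) days old or real-time protection is off; updating first."
        Update-MpSignature
    }

    # Record what you are about to run: the hash lets you compare the file with the
    # publisher's published checksum, or look it up later if the machine misbehaves.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    # Ask Defender to scan just this file before it is launched.
    Start-MpScan -ScanType CustomScan -ScanPath $Path

    # Any detection against this path is recorded in Defender's threat history.
    $hits = Get-MpThreatDetection | Where-Object { $_.Resources -match [regex]::Escape($Path) }

    [pscustomobject]@{
        File      = $Path
        SHA256    = $hash.Hash
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Detected  = [bool]$hits
    }
}

# Usage (assumed path): inspect the result before double-clicking the file.
# Invoke-PreRunCheck -Path "$env:USERPROFILE\Downloads\installer.exe"
```

A clean scan is only as good as the signatures behind it, which is why the routine checks their age first; the Authenticode status and SHA-256 in the result are what let you distinguish the publisher's genuine installer from a repackaged copy that merely carries the same name.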

The Detection Process (The Tricky Part)

If you've been careless on the internet like I was when I loved free stuff, your device is most likely harboring an infection. If you are dealing with a rootkit that is heavily glitched or buggy, the typical sign is your system slowing down. But if you are dealing with very skilled cyber attackers, their programs will be significantly harder to detect.
For example, from my personal experience: my computer suddenly became unconditionally slow. I opened Task Manager to see what was taking a toll on my system's memory and noticed the icon of Google Chrome taking up almost 400 MB of the RAM on my 4 GB laptop, sometimes even more. The program wasn't even running. I tried ending the task for almost an hour, but it refused to shut down.
It was a classic example of a user mode rootkit. As you are certainly aware, Google Chrome is one of the, if not THE, most trusted web browsers out there, and it was definitely not their fault. It was perhaps my irresponsible ways with the internet, or whatever. Needless to say, my anti-virus program (Windows Defender) WAS up to date.
I was running Windows 8 at the time (2 years ago) and I had to set up Windows all over again for it to finally go away. But you need not worry anymore, as anti-virus programs on mainstream operating systems have improved significantly, with the exception of Linux.
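The situation described above, a process that carries the name of a trusted program but does not behave like it, is something a defender can check from PowerShell rather than by staring at Task Manager. The script below is an added example written for this post, not something the author ran; it looks for processes named like Chrome that run from an unexpected directory, are not signed by the expected publisher, or hold an unusually large working set, and reports the parent process of each hit. The expected install directories, the publisher string and the 400 MB threshold are assumptions for a default Chrome install; adjust the table for whatever program you are checking.

```powershell
# Added example (not from the original article): find processes that impersonate a
# trusted program. The $Expected table is an assumption for a default Chrome install.
$Expected = @{
    Name            = 'chrome'
    Directories     = @("$env:ProgramFiles\Google\Chrome\Application",
                        "${env:ProgramFiles(x86)}\Google\Chrome\Application",
                        "$env:LOCALAPPDATA\Google\Chrome\Application")
    Publisher       = 'Google LLC'
    MaxWorkingSetMB = 400    # assumed threshold, matching the figure in the article
}

function Get-SuspiciousProcess {
    param([hashtable]$Spec = $Expected)
    Get-Process -Name $Spec.Name -ErrorAction SilentlyContinue | ForEach-Object {
        $proc    = $_
        $reasons = @()
        $path    = $proc.Path

        if (-not $path) {
            # Get-Process cannot read the image path of protected or hidden processes.
            $reasons += 'image path not readable'
        } else {
            $dir = Split-Path -Parent $path
            if (-not ($Spec.Directories | Where-Object { $dir -like "$_*" })) {
                $reasons += "runs from unexpected location $dir"
            }
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status $($sig.Status)"
            } elseif ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($Spec.Publisher)) {
                $reasons += "signed by $($sig.SignerCertificate.Subject), not $($Spec.Publisher)"
            }
        }

        $wsMB = [math]::Round($proc.WorkingSet64 / 1MB)
        if ($wsMB -gt $Spec.MaxWorkingSetMB) { $reasons += "working set ${wsMB} MB" }

        if ($reasons) {
            [pscustomobject]@{
                Id      = $proc.Id
                Path    = $path
                Parent  = (Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)").ParentProcessId
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousProcess | Format-Table -AutoSize
```

A memory figure alone proves little, since a genuine browser with many tabs will pass 400 MB easily; the location and signer checks are what separate the real program from a look-alike, and the parent process tells you what started it. A process that refuses to end from Task Manager, as in the story above, is worth recording with this output before reinstalling, so the image path and hash can be checked against a clean copy.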

The Gist Of It All

The title of my article may seem provocative, but I'm not trying to scare anybody. Its purpose, after all, is to grab your attention, make you aware of the unknown dangers of the cyber world and help you be prepared for them. If you've learned something new and useful from this article and think it might help someone you know, kindly pass it on.

Wednesday, March 1, 2017

IDM- Internet Download Manager 6.27 Build 5 Full Version


Tuesday, January 24, 2017

AutoHotkey - A Free software to make any hotkey or key combination

AutoHotkey (AHK) is a free, open-source macro-creation and automation software for Windows that allows users to automate repetitive tasks. It is driven by a scripting language that was initially aimed at providing keyboard shortcuts, otherwise known as hotkeys, that over time evolved into a full-fledged scripting language.



Sunday, January 24, 2016

How can you travel home without a digital passport, or without any passport at all?

How can you travel home without a digital passport, or without any passport at all? Read on for the details.


Many among us still have not been able to obtain a machine-readable (MRP) or digital passport, yet need to go home urgently. So how can you go home without a passport? Let's go through the details.


To go home without a passport, you have to obtain a "Travel Pass" from the Bangladesh embassy in Italy or elsewhere in Europe. To get this travel pass you have to pay the embassy 28 euros per pass; if you submit the application at the embassy in Rome, Italy in the morning, the pass is delivered in the afternoon, and with it anyone can go home without a passport. For example, those who have not yet been able to get a digital passport can go home with this pass; those whose old handwritten passport has expired can also go home with it; and those who have lost their passport can turn to this pass as well.

Sunday, January 17, 2016

Microsoft Edge won't open - Windows 10


I have just reinstalled Windows 10, and after that some of my apps, especially Microsoft Edge, won't open. I tried to find a solution to this issue. There were many ways to fix it, but this is the most effective and easiest way I found. I hope this will work for you too.

Saturday, January 2, 2016

How to Customize a Google Blogger Template

Go to your Blogger Dashboard and launch the Template Designer by clicking the Design link.
Then click the Template Designer tab. The Template Designer has five sections, and the first one that appears here is the Templates section.

Monday, December 14, 2015

DirectX Runtime 9.29.1962 (June 2010) Standalone, Offline Installer

Here's a very important update for video gamers, 3D artists or anyone else who uses programs that communicate with the Microsoft DirectX API (this includes watching video as well). The latest DirectX monthly runtime is here, and it's a recommended upgrade for everyone running Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista or Windows XP Service Pack 3. If you are wondering how this redistributable package differs from the web installer provided on the Microsoft download center: this is a standalone setup that does not involve any over-the-web file downloading. It can even be run in environments without internet connectivity. In other words, this is basically the DirectX setup you get bundled with the latest PC games.



Friday, October 2, 2015

Installing Ubuntu inside Windows using VirtualBox


Introduction

VirtualBox allows you to run an entire operating system inside another operating system. Please be aware that you should have a minimum of 512 MB of RAM. 1 GB of RAM or more is recommended.

Comparison to Dual-Boot

Many websites (including the one you're reading) have tutorials on setting up a dual-boot between Windows and Ubuntu. A dual-boot allows you, at boot time, to decide which operating system you want to use. Installing Ubuntu on a virtual machine inside Windows has a lot of advantages over a dual-boot (but also a few disadvantages).

Sunday, September 20, 2015

Wednesday, September 16, 2015

How To Open A Clothing Line Business?

I've read a bunch of blogs with suggestions for people facing problems when looking for manufacturers to produce their goods. Well, I decided to join in on the discussion. There are certain companies who provide manufacturer sourcing services. They do everything from taking quotes from manufacturers to sourcing raw material suppliers for your product.


What's My Suggestion?

If you are serious about opening a clothing line company, the first thing to keep in mind is how you will produce your goods. If you're just a start-up you probably aren't going to produce on a large scale. Either way, if you live somewhere in Europe, the United States or elsewhere in the western hemisphere, chances are production won't come cheap if you're thinking local. That is when you look towards Asia, and specifically Bangladesh, Indonesia, India or China, if you're looking for someone to produce your apparel products cheaply and profitably.

In Bangladesh it's quite difficult to get in touch with trustworthy and reliable manufacturers directly, and the internet isn't going to help much either. That is where the companies I described in the first paragraph come in. They're called a "Buying House". They work as an agent and are well connected with reliable and legitimate suppliers and manufacturers.

Here's An Option.

One such buying office I could refer you to is "Milky Fashions". Here's the link to their website: MILKY FASHIONS | Apparel Manufacturer, Exporter, Trading & Business Support

If there is anything else you'd like to know, feel free to ask. If this article has helped you in any way, kindly share it among your peers.





Wednesday, August 12, 2015

How to add any program on startup on windows 10

How to add any program on startup

In previous versions of Windows it was easy to find the Startup folder. We could place a shortcut to any program that we wanted to start automatically when the computer starts.

Sunday, May 3, 2015

Latest Your Uninstaller Pro 7 Serial Key

Your Uninstaller Pro 7


It is the latest program update, which is 7.5.2013.02!

Rare, Cool Characters & Symbols

☠ ☮ ☯ ♠ Ω ♤ ♣ ♧ ♥ ♡ ♦ ♢ ♔ ♕ ♚ ♛ ⚜ ★ ☆ ✮ ✯ ☄ ☾ ☽ ☼ ☀ ☁ ☂ ☃ ☻ ☺ ☹ ۞ ۩
εїз Ƹ̵̡Ӝ̵̨̄Ʒ ξЖЗ εжз ☎ ☏ ¢ ☚ ☛ ☜ ☝ ☞ ☟ ✍ ✌ ☢ ☣ ♨ ๑ ❀ ✿ ψ ♆ ☪ ☭ ♪ ♩ ♫ ♬ ✄ ✂ ✆ ✉ ✦ ✧
♱ ♰ ∞ ♂ ♀ ☿ ❤ ❥ ❦ ❧ ™ ® © ✖ ✗ ✘ ⊗ ♒

YJ Dailynews Joomla 2.5 & 3.2 – News Template

