Home > Ask the Security Experts > Information Security Threats Questions & Answers > What is the best way to conduct a rootkit-specific risk assessment?
Ask The Security Expert: Questions & Answers
EMAIL THIS

What is the best way to conduct a rootkit-specific risk assessment?

John Strand, featured expert EXPERT RESPONSE FROM: John Strand, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 18 August 2008
What is the best way to conduct a risk assessment, specifically concerning rootkits?

>
Rootkits are the tool of choice for many attackers who want access on a victim's system. With this type of malware, attackers can install their malicious code onto a victim's machine in such a way that is extremely difficult for a user to detect.

Currently there are numerous rootkits available for almost any operating system. Researchers have recently seen some rootkits that almost have a commercial feel to them, designed on a custom basis for a fee to evade many antivirus vendors for a small fee.

When dealing with rootkits and malicious code, many security professionals focus on tools and technology. While this is important, it is not as important as developing a security team's ability to deal with rootkits.

When I work on a certification and accreditation project, I like to set up a scenario where I install a rootkit on a system and ask the security team to identify and remove it. Rather then relying on documented procedures or proof that they are updating their antivirus on a regular basis, I like to see how the team responds when they have a live situation to resolve.

As for technology, I like working with RootkitRevealer, F-Secure Corp.'s BackLight tool and the freely available IceSword. It is always a good idea to get a second (or possibly even a third) opinion when dealing with rootkits because they are constantly evolving to bypass rootkit-detection techniques and technologies.

More information:

  • Get the latest rootkit news and research.
  • A reader asks John Strand, "Is a Master Boot Record (MBR) rootkit completely invisible to the OS?"


    • BROWSE BY TAG
    Information Security Threats,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Information Security Threats
    How to get rid of malware, botnets on a hospital IT network
    Should a national cybersecurity strategy include offensive botnets?
    How can search results lead to malware?
    How to prevent brute force webmail attacks
    How to prevent mobile phone spying
    What are today's antivirus software trends?
    How to detect input validation errors and vulnerabilities
    Can secure USB devices prevent man-in-the middle attacks
    How to prevent and build protection against online identity theft
    Is there a spy on my mobile device?

    Malware, Viruses, Trojans and Spyware
    New Zeus spam poses as Social Security statements
    Increase in Gumblar backdoors poses FTP credential problems
    Hackers to sharpen malware, malicious software in 2010
    iPhone worm Rickrolls jailbroken phones
    Israeli Mossad add Trojan Horse to Syrian laptop
    Schneier-Ranum Face-Off: Is antivirus dead?
    Modern malware, stealthy botnets, adapt quickly, expert says
    Computer worm infections up, scareware antivirus down, Microsoft says
    Web-based attacks skyrocket, pirating sites surge, security firms say
    Mini guide: How to remove and prevent Trojans, malware and spyware

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    bot worm  (SearchSecurity.com)
    directory traversal  (SearchSecurity.com)
    government Trojan  (SearchSecurity.com)
    Kraken  (SearchSecurity.com)
    man in the browser  (SearchSecurity.com)
    polymorphic malware  (SearchSecurity.com)
    RAT (remote access Trojan)  (SearchSecurity.com)
    RavMonE virus  (SearchSecurity.com)
    RFID virus  (SearchSecurity.com)
    Rock Phish  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts