Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a compound of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the administrator account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms and viruses – that conceals its existence and actions from users and from other system processes.
What Can a Rootkit Do?
A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.
What Is a Master Boot Record (MBR)?
What Does the Master Boot Record Do?
A master boot record consists of three major pieces: the master partition table, the disk signature, and the master boot code. Here's a simplified version of the role the master boot record plays when a computer is first starting up:
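To make the three pieces concrete, here is an added example (not from the original page) that parses a 512-byte MBR sector: it checks the 0x55AA boot signature, reads the 4-byte disk signature at offset 0x1B8, decodes the four 16-byte partition table entries at 0x1BE, and hashes the master boot code so a defender can compare it against a known-good baseline, which is the basic check for MBR bootkit tampering. The sample sector, its boot code pattern, the disk signature value 0xDEADBEEF and the single NTFS-type partition are all constructed for the demonstration; the 440-byte boot code length follows the modern Windows layout in which the disk signature sits between the boot code and the partition table.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # master boot code occupies bytes 0..439 in the modern layout
DISK_SIG_OFFSET = 0x1B8      # 4-byte disk signature (little-endian)
PART_TABLE_OFFSET = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE      # 0x55 0xAA boot signature
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, type_code, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    if status not in (0x00, 0x80):
        # Anything other than "inactive" or "bootable" is malformed and worth flagging.
        raise ValueError(f"invalid partition status byte 0x{status:02X}")
    return {
        "bootable": status == 0x80,
        "type": type_code,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        partitions.append(parse_partition_entry(sector[start:start + 16]))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": disk_signature,
        "partitions": partitions,
    }


def boot_code_changed(baseline_sha256: str, sector: bytes) -> bool:
    """True if the master boot code no longer matches the recorded baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


# Constructed sample: a two-byte "jmp $" loop padded with NOPs stands in for real boot code.
SAMPLE_BOOT_CODE = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)


def build_sample_mbr(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Assemble a constructed MBR with one bootable NTFS-type partition (values are made up)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDEADBEEF)
    # status 0x80 (bootable), type 0x07 (NTFS/exFAT), starting at LBA 2048, 204800 sectors
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print(f"disk signature: 0x{info['disk_signature']:08X}")
    for n, p in enumerate(info["partitions"]):
        print(f"entry {n}: {p}")
    # Simulate a modified boot sector and show the baseline comparison catching it.
    tampered = bytearray(mbr)
    tampered[0x100] ^= 0xFF
    print("boot code changed:", boot_code_changed(info["boot_code_sha256"], bytes(tampered)))
```

On a real system the sector would be read from the raw disk device (for example the first 512 bytes of /dev/sda or \\.\PhysicalDrive0, with administrator rights) and the baseline hash recorded while the machine is known to be clean; a hash mismatch on the boot code, or a partition table that no longer matches what the OS reports, is the signal to investigate. Note that a rootkit hooking disk reads can hide such changes from software running on the infected OS, so the comparison is most trustworthy when the disk is read from a clean boot medium.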
HBGary’s nemesis is a ‘16-year-old schoolgirl’
The WikiLeaks Threat - An Overview by Palantir Technologies, HBGary Federal, and Berico Technologies
Unmasked - How Anonymous took on a computer security firm, spilled its secrets to the world, and got the attention of Congress - all to keep its own identities a secret. Ars Technica book
The HB Gary Emails “12 Monkeys” - Wikileaks
The agenda will be fourfold:
Demo 12 Monkeys, for final handoff
Review keyboard emulation on task B, and discuss next steps to fill out the 80k (20k of the 100k has already been consumed)
a. Also, I will look to longer term as I recall there is still an additional 100k on the table) bringing us up to 380k. Based on my last discussion with them, they weren’t planning on dipping into this until Q4, or Q1 though.
Get an update on Project Athena (John Spiller requested we spend some time on this)
Skunkworks (a good couple of hours of sit down time with Shawn & Ben)
The HB Gary Emails “BIOS rootkit” - Wikileaks
From: Roberto Banfi [mailto: firstname.lastname@example.org]
Posted: Monday 30 March 2009 14.25
Subject: New Rootkit Attack Hard To Kill
The people at Core Security have written a Python program to install a rootkit in the BIOS.
Not bad !!!
Indestructible, badass rootkit BadBIOS: Is this tech world’s Loch Ness Monster? VOTE NOW (2013)
[Heads-up] Now In The Wild: New Super Evil Rootkit Survives Even “Nuke From Orbit” And HD Swap
CIA Vault 7: Projects - Wikileaks
Unified Extensible Firmware Interface Specification
Vault 7: CIA Hacking Tools Revealed
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
Russia’s Sednit Deploys First Firmware-Level Rootkit in the Wild
Top NSA hacks of our computers (USB Hacks)
We've got three devices here: COTTONMOUTH-I, COTTONMOUTH-II and COTTONMOUTH-III, all about compromising systems through USB.
COTTONMOUTH-I is a smart "jacket" around a USB A plug. It monitors what's on the wire and communicates it either wirelessly to other COTTONMOUTH-I devices or through a covert channel in the USB wire to STRAITBIZZARE software. COTTONMOUTH-II is a USB port with a built-in tap to communicate with STRAITBIZZARE. There is no wireless component.
COTTONMOUTH-III is a COTTONMOUTH-II and a tapped Ethernet port. Like COTTONMOUTH-I it has a wireless capability for communicating with other COTTONMOUTH devices and can talk to STRAITBIZZARE over the wire.
These ports are of the type soldered to the motherboard, and so they have to be installed through an interdiction of the computer or, conceivably, at the factory itself.
The document is dated 8/5/2008.
Related Timeline Entries