【正文】 y online marketers small application vendors website operators. 9 Dangerous Web Site [stopbadware] Google search keyword: Assignment: Use a sniffer to check what information is sent back to the malicious site. 10 Dangerous Web Site Google search keyword: 11 Dangerous Web Site Google search keyword: 12 Dangerous Web Site This is an old Google warning page. 13 Rootkit 14 Increase in Use of Rootkits in Malicious Programs As the following graph shows, rootkits are being more and more widely used in order to mask the presence of malicious code on infected systems. 15 What Is Rootkit[Saliman Manap]? Rootkit name are bination from two words, “root” and “kit”. “Root” was taken from “root” ? a name of UNIX administrator, which is the highestaccess level in UNIX environments. “Kit” can be refer as tools. From this word we can interpret rootkit as tools or collection of tools that enable an attacker to keep the root power on the promised system. In order to keep the continuously power over the promised server he/she should hide their presence from being detected by administrator. This is what actually rootkit do. So the best meaning we can describe rootkit is it is a tool or collection of tools that hide an attacker presence and at the same time give the attacker ability to keep full control the server or host continuously without being detected. 16 Information to Hide A rootkit is a set of software tools intended to conceal running processes files system data thereby helping an intruder to maintain access to a system whilst avoiding detection. 17 Access Level Required to Install Rootkits In UNIX environment the attacker installs a rootkit on a puter after first obtaining the access level, either by userlevel access or administratorlevel access. Administratorlevel access is needed for most rootkit installation. This can be done by exploiting known remote vulnerabilities to gain the rootlevel access. If the attackers only have userlevel access, local exploit or cracking administrator password need to be done in order to get full access level before rootkit successfully installed. 18 Common Rootkit Usage (1) Hide all sorts of tools useful for attacks: This includes tools for further attacks against puter systems the promised system municates with. ? such as keyloggers which can record account info issued from the promised puter. A mon abuse is to use a promised puter as a staging ground for further attack. ? This is often done to make the attack appear to originate from the promised system or work instead of the attacker. ? Tools for this can include ? tools to relay chat sessions ? spam attacks. 19 Common Rootkit Usage (2) allow the programmer of the rootkit to see and access user names and login information for sites that install them. The programmer of the rootkit can store unique sets of login information from many different puters. ? This makes the rootkits extremely hazardous, as it allows Trojans (. ssh, tel) to access this personal information while the rootkit covers it up. 20 Other Tools That May Also Be Contained in a Rootkit As attacker undercover tools, rootkit program must have a capability to mask the intrusion and her/his presence. The rootkit may consist of several other utilities such as: Back door programs Packet sniffers Logwiping utilities Log editor Miscellaneous programs ? DDoS program ? IRC program: ? This IRC bot will connect to the s and log on some servers waiting for the attacker to issue a mand to them. ? Attacker utility ? System patch 21 Rooted Computers and OSes Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A puter with a rootkit on it is calle