Differentiate between Gootkit, Bootkit and Rootkit
Along with the development of the technology world in general and the internet in particular, security threats are also evolving in both quantity and danger level.
Along with the development of the technology world in general and the internet in particular, security threats are also increasingly evolving in both quantity and danger level.
If you are interested in network security / information security, Gootkit, Bootkit and Rootkit are probably concepts you've heard about. So what is the difference between these 3 concepts? We will learn together shortly.
What is gootkit?
- Gootkit is a trojan malware, first discovered in 2014.
- Gootkit has the ability to hack into bank accounts, steal login information and manipulate online transactions.
- Gootkit uses the following three modules: The Loader, The Main Module, and the Web Injection Module (malware injection module). The Loader is the first stage of the attack process, when the trojan sets up a continuous environment. The Main Module will then create a proxy server that works with the Web Injection Module.
- Gootkit has no known propagation process. It uses phishing email, taking advantage of toolsets like Neutrino, Angler and RIG to spread to the targeted systems.
What is rootkit?
- Rootkits are secret computer software designed to perform a variety of malicious activities, including password theft and credit card information or online banking information.
- Rootkits can also give an attacker the ability to disable security software and record information as you type, simplifying the process of stealing information for cyber criminals.
- There are 5 types of rootkits: hardware or firmware rootkits, bootloader rootkits, memory rootkits, application rootkits, and application rootkits (kernel).
- Rootkits can take advantage of phishing emails and infected mobile applications to spread into large-scale systems.
What is bootkit?
- Bootkits are a more advanced, complex and dangerous type of rootkit that targets the Master Boot Record on the computer's physical motherboard.
- Bootkit can destabilize the system and lead to a 'blue screen' error or prevent the operating system from starting.
- In some cases, the bootkit may display a warning and require a ransom to restore the computer to normal operation.
- Bootkits generally spread via floppy disks and other bootable media. However, recently, this malware has also been recorded for distribution via phishing email software programs or free download data.
Understanding the basic differences for these 3 malicious agents plays a very important role in the construction of defense systems as well as troubleshooting of security incidents.
Update 15 January 2020
You should read it
- These Anti-Rootkit tools should and should be in the system
- 'Super stealth' rootkit
- 'Rootkit + Trojan = Increased danger'
- Learn about the sample Rootkit.Win32.Stuxnet.a
- Moriya: An advanced and very dangerous 'stealth' Rootkit
- Network security challenges in 2014
- Ransomware LockerGoga is making a big corporation miserable
- The basic steps in dealing with network security issues that you need to understand
- 5 best free security tools you may not know yet
- Mexico's largest oil and gas corporation has been attacked by ransomware, presenting a cyber security disaster
- Will 5G make us more vulnerable to cyber attacks?
- Rootkits - potential dangers
Maybe you are interested
Fix Opera installer crashes downloading on Windows Why You Should Consider Hiring a Risk Management Agency What kind of intelligence do you own? What to do to ensure life in situations of bad guys attacking? 10 books 'head pillow' of the world's most famous people 12 valuable Marketing lessons from Snapchat's success