Eddie Awad's Blog
msgbartop
News, views, tips and tricks on Oracle and other fun stuff
msgbarbottom

Oracle Rootkit

What is a rootkit?

According to Symantec’s definition:

A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without end user consent or knowledge.

Rootkits do not infect machines by themselves like viruses or worms, but rather, seek to provide an undetectable environment for malicious code to execute. Attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques, to manually install rootkits. Or, in some cases, rootkits can be installed automatically upon execution of a virus or worm or simply even by browsing to a malicious website.

Once installed, an attacker can perform virtually any function on the system to include remote access, eavesdropping, as well as hide processes, files, registry keys and communication channels.

Does a rootkit exist for Oracle?

Yes. In fact, Alexander Kornbrust, of Red Database Security GmbH, is developing Version 2.0 of a rootkit program he first unveiled in April 2005.

Why has Alex created a rootkit?

Alex claims his rootkits are not hacking tools but are designed to underscore weaknesses in databases from Oracle, Microsoft and others that make it easy to hide malicious activity.

What is the difference between the first version of Alex’s rootkit and the newer version?

The new version of the database rootkit will modify the computer memory used to run Oracle. Administrators could detect the first version of the rootkit by noting changes in the size of the data dictionaries that had been modified. The new version will allow attackers to disguise malicious elements without modifying the database views.

This is what I learned from reading this eWeek.com article. I had never heard about rootkits until I read the article. I believe that more DBA’s should be educated about this kind of stuff (if they are not already). Better yet, create a new position within your organization, a DBSA. Guess what the “S” stands for?

3 Comments | Filed in Oracle, Technology | Tags: ,

sidebartop

Recent Articles

sidebarbottom
sidebartop

Tags

10g 11g acquisition aggregator blog book concepts database dbms_scheduler Documentation EBS extension feed Firefox function funny Google gotcha join microsoft MySQL odtug OpenWorld openworld07 openworld08 oraclecommunity password performance pl/sql plugin programming search Security software sql sql-developer sqlplus tool twitter undocumented video wiki WordPress xe xml
sidebarbottom
sidebartop

Topics

sidebarbottom
sidebartop

Archives

sidebarbottom
sidebartop

Recent Comments

sidebarbottom
sidebartop

On Twitter

sidebarbottom
sidebartop
sidebarbottom
sidebartop

About This Blog

sidebarbottom
sidebartop

Feeds

RSS Feed RSS - Posts

RSS Feed RSS - Comments

sidebarbottom
             © Eddie Awad's Blog / Design: Smashing Wordpress Themes