What is TDSS?  TDSS is a rootkit.  …but what is a rootkit?  Rootkits are a way to control another computer on the network.  This of course sounds very foreboding, and it is.  A number of commercial companies sell rootkits to help people.  These legitimate programs have recently made headline news.  Rootkits are very powerful and scary tools.

TDSS is a popular rootkit for Windows as of late.  The name comes from a string inserted into various places throughout the operating system (see TrendMicro).  Earlier versions did this; later versions of the program stopped using that particular string.  TDSS executes commands from a remote user to display popup advertisements, download other files, and prevent programs from running (e.g. antivirus programs).  In other words, the TDSS rootkit allows someone else to control your computer.

There have been many different rootkits through the years.  Perhaps the most infamous rootkit was cDc’s BO (Cult of the Dead Cow’s Back Orifice) – of course, it was perhaps more controversial for its name alone.  Rootkits primarily do the same thing.  They let someone else remotely control a computer.  There are many different ways to do this.  Some rootkits install themselves into the operating system.  Others run as a regular program.  Most rootkits trick users into installing them under the guise of something useful.

In fact, many commercial companies do this.  As of late, GoToMyPC seems to be a very popular rootkit.  pcAnywhere used to be one of the most popular commercial rootkits.  It famously annoyed system administrators when their users installed it at work to “control their computer at home.”  I wonder how often this was done by untrusting spouses to monitor their significant other’s activity.  I’m not joking.

Everyone should be familiar with the school that used similar software to photograph a student at home (see http://www.sfgate.com/cgi-bin/blogs/sfmoms/detail?entry_id=57750 or http://defense-rests.blogspot.com/2010/02/school-principal-spys-on-children-at.html).  The school alleged that the student was doing something inappropriate.  What is inappropriate and who has the right to come into another’s home like this? That’s a rootkit.

Rootkits usurp your personal life through technology.  They allow someone else to influence what you see, hear, and experience through your computer.  They use your computer to capture you doing whatever you do in front of your computer.  All of a sudden, having a webcam and microphone to talk to Nana on the Internet doesn’t sound like a good idea anymore, does it?
