A successful autorooter will give crackers what they want: complete control of a target machine with little effort, fast. Scanning networks for vulnerable machines, gaining unauthorized administrative access, installing backdoors, all the tricks of the trade, can all be achieved at the click of a button. In this article we'll explore the concepts behind autorooters and what can be done to defend against them.
The term "autorooter" is based on security lingo for successfully cracking and gaining privileged access to a machine. The act, known as "rooting" a system, originates from the name of the administrative account on a Unix box - "root". The "auto" prefix stems from the fact that these devices essentially package, or automate, the cracking process from start to finish. They can be designed to scan a network for vulnerable machines or attack everything they come across. Once a machine is successfully compromised, or rooted, any type of malicious code can be installed and configured: data might be captured (using a tool known as a sniffer), Web pages defaced, servers installed. Some autorooters are finished after sending the results back to the cracker, others may install zombies that await further instructions from the attacker, such as IRC-controlled denial of service slaves.
The link for this article located at SecurityFocus is no longer available.
