
What is a Rootkit?


A rootkit is a set of software tools that, when installed on a computer, provides remote access to resources, files and system information without the owner’s knowledge. Law enforcement and parental “nanny programs” utilize various types of rootkits to secretly monitor activity on computers for surveillance purposes, but malicious hackers can also install rootkits on the computers of unsuspecting victims. The word “rootkit” comes from the UNIX™ operating system (OS) that was prevalent prior to Microsoft™ Windows™. Linux and Berkeley Software Distribution (BSD) are derivatives of UNIX. The “root” level of a UNIX system is akin to Windows’ administrator privileges. The remote-control software bundle was referred to as a “kit,” giving us “rootkit,” sometimes written as “root kit.” Rootkits have been creating a buzz since the early 1990s. The type of rootkits that attack Windows™ machines embed themselves in the kernel of the OS. From here the rootkit can modify the operating system itself


The name of the malware category rootkits comes from the Unix-based operating systems’ most powerful account — the “root” — which has capabilities similar to the built-in Administrator account in Windows. Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a “kit,” on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts. The first public Windows rootkit, NT Rootkit, was published in 1999 by Greg Hoglund, an author of computer security books. He is also the owner of www.rootkit.com, a Web site for sharing information about creating, detecting, removing and protecting systems against rootkits. Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windo


Rootkits are a malware inventor’s dream: they are created to allow worms, bots, and other malevolent software to hide in plain sight. Rootkits are designed to hide themselves from detection by users and security programs, so they don’t show up in Windows Explorer, the running processes don’t display in the Task Manager, and many antivirus programs can’t find rootkit-hidden malware. A rootkit is a special program that buries itself deep into an operating system (like Microsoft Windows) for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and it can be used to create a hidden directory or folder designed to keep it out of view from a user’s operating system and security software. Attackers can then use the rootkit to hide their malicious software, which can range from spyware to keylogger software that can steal sensitive information from users’ computers. Rootkits can allow crim


Many experts have theorized that rootkits will soon be thought of as equally troublesome as viruses and spyware, if they aren’t already. In this series of questions and answers from Windows security threats expert Kevin Beaver, find out what a rootkit is, how to find it and, ultimately, remove it. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network. Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Ma


Rootkit… the name sounds innocent enough. Kinda like something your Grandma would use in her garden. Actually, rootkits are a particularly nasty form of malware, created to wreak havoc on computers.
