A rootkit is, most of the time, a secretive piece of software which is designed to conceal the running of other programs or processes on a computer system.
I say most of the time because a few rootkits are not malicious in intent.
A well-known example is the rootkit bundled with Sony's Digital Rights Management (DRM) software, employed to prevent music piracy.
Generally, though, rootkits are used for far more nefarious purposes, such as data theft or other abuses on the target system.
How Are Rootkits Installed?
Rootkits typically come packaged with other software that the end-user believes they want to install on their system, and may be bundled with other kinds of malware, such as worms.
A rootkit can open a 'back door' that allows its controller to access the system with all the rights an administrator would have.
A rootkit can be used not only to infiltrate a system but also to install other undesirable components, such as keystroke loggers, which capture passwords and other data that can be used in identity theft and online banking scams.
The access privileges granted by a rootkit can also allow the controller to send spam emails without the owner's knowledge, and to launch or join distributed denial of service (DDoS) attacks against web properties.
How Do I Detect A Rootkit?
Because a rootkit is designed to hide or mask the processes running on a computer, it is quite tricky to identify that one is present on a system in the first place.
Many will suspend their activity while antivirus scans are running so as not to arouse suspicion.
Whilst newer, better-quality antivirus solutions are becoming increasingly effective at detecting rootkits, older versions can often miss them completely.
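One practical check for the process hiding described above is a cross-view comparison: a rootkit that filters the /proc listing (what ps and top read) usually cannot also stop the kernel from answering kill(pid, 0) for the hidden PID. The following Linux script is an added example, not code from the original post; the offline test data it can be driven with (listing, probe and Tgid values) is constructed.

```python
"""Cross-view detection of hidden processes on Linux (added example).

Any PID the probe view (kill(pid, 0)) reports that the listing view
(readdir on /proc) lacks is a candidate. Thread IDs also answer kill(),
so each candidate's /proc/<pid>/status is checked: Tgid == pid is a real
unlisted process, Tgid != pid is an ordinary thread, and a missing status
file means procfs denies a process the kernel says is alive.
"""
import os
import re


def listed_pids():
    """Listing view: PIDs that readdir on /proc admits to."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probed_pids(max_pid=32768):
    """Probe view: PIDs for which kill(pid, 0) reports 'exists'."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, but owned by another user
        found.add(pid)
    return found


def tgid_of(pid):
    """Thread-group id from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"/proc/{pid}/status") as f:
            m = re.search(r"^Tgid:\s*(\d+)", f.read(), re.M)
            return int(m.group(1)) if m else None
    except OSError:
        return None


def hidden_pids(listing, probe, tgid_lookup=tgid_of):
    """PIDs alive per the probe view but absent from the listing view.
    tgid_lookup is injectable so the comparison can run on constructed data."""
    hidden = []
    for pid in sorted(probe - listing):
        tgid = tgid_lookup(pid)
        if tgid is None or tgid == pid:  # not a thread: an unlisted process
            hidden.append(pid)
    return hidden


if __name__ == "__main__":
    print("unlisted PIDs:", hidden_pids(listed_pids(), probed_pids()))
```

A process that exits between the two views appears once as a false positive, so run the comparison twice and keep only PIDs reported both times.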
The best solution, in my opinion, for dealing with rootkits is to install a quality antivirus program and to keep it updated at all times.