What Exactly Is A Rootkit?

rootkits and why you want to avoid them

There is a scourge in the world of professional security that no one likes to talk about.

It has been around for a few years, but we are only now creating the tools to remove this piece of malware from people's computers safely.

This piece of code that everyone is scared of is called a rootkit.


The rootkit has been around for a long time, but it first garnered public attention back in 2005 when the Sony corporation placed a rootkit on their music CDs to prevent piracy.

This set off all kinds of alarms and Sony was quickly forced to remove the offending piece of code from distribution.

A rootkit is a dangerous piece of software and I will discuss more of why that is later in the article.

What Is A Rootkit Exactly?

Let me begin by describing what a rootkit actually is and what exactly it does to your computer.

A rootkit is basically a piece of code that hides very deep in the background of your system while preventing the computer's own tools from ever reporting that it is there.

If you open your task manager, you will normally see all of the processes that are running on your computer.

A rootkit is able to hide its own processes from that list, so you will never know that it is installed on your system.

Once the rootkit has attached itself, it then uses another security hole to allow it to escalate its privileges on your machine.

Once it is able to do that then there is no stopping the damage that can be done.
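The hiding described above is what defenders look for with a "cross-view" check: compare the process list everyone reads (the /proc listing on Linux, which is what ps and task managers use) against a second view obtained by asking the kernel about every PID number directly. This is an added example written for this article, not code from the original post; it assumes a Linux system with /proc mounted, and it takes care of the two usual false positives (thread IDs, and processes that start or exit between the two enumerations).

```python
import os

def listed_pids():
    """The normal view: numeric directory entries under /proc. This is the
    view that ps and task managers read, and so the one a rootkit filters."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def pid_exists(pid):
    """The second view: ask the kernel about a single PID. Signal 0 delivers
    nothing and only tests existence; EPERM still means the PID is alive."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:  # alive, but owned by another user
        pass
    return True

def probed_pids(max_pid):
    """Brute-force every PID from 1 to max_pid through pid_exists()."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}

def is_thread(pid):
    """Linux answers kill() for thread IDs too, and threads never appear in
    the /proc listing; /proc/<tid>/status is still readable by direct path."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False
    return False

def cross_view(listed, probed):
    """Pure comparison of the two views: PIDs only the kernel probe knows."""
    return sorted(probed - listed)

def hidden_pids(max_pid):
    """Full check: drop threads, then re-check each survivor so a process
    that appeared or exited between the two enumerations is not reported."""
    suspects = []
    for pid in cross_view(listed_pids(), probed_pids(max_pid)):
        if is_thread(pid):
            continue
        if pid_exists(pid) and pid not in listed_pids():
            suspects.append(pid)
    return suspects

if __name__ == "__main__":
    print(hidden_pids(int(open("/proc/sys/kernel/pid_max").read())) or "none hidden")
```

A PID that the kernel confirms but the listing omits is not proof of a rootkit on its own, but it is exactly the discrepancy that dedicated rootkit scanners investigate further.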

There are tools now that can eliminate a rootkit from your system but most people will never know it is on there until it is too late.

That is why it pays to run a normal antivirus scan on your computer at least once a week (more often, such as daily, would be preferable).

If you do not see a problem going on then you will not think that there is a problem to solve.

Pwned

Most rootkits are used so that the attacker has the ability to take over your computer.

Once the computer is considered “pwned”, they will use it for their own nefarious purposes.

Some of the purposes include sending spam email from your machine or running a DDoS attack against someone else's website.

The whole time your machine could be part of this scam and you would never even know it.

Some rootkits have been known to stay dormant for months before they activate and then, all of a sudden, take over your machine.

With your machine and a couple hundred others, an attacker could do some real damage on the internet.

As you can see a rootkit can be a very dangerous thing to have installed on your computer.

I must emphasize again that this is why you should run at least a weekly scan on your computer; a nightly scan while you are asleep would be better.

Just because you do not see that there is a problem does not mean that it is not there.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. AV scans, yes, more often is always better, of course, though the frequency I would recommend would vary according to the person’s internet usage.

    Thanks for the links, I’ll have a good read later.

  2. AV scans only once per week? That’s a very large window of opportunity. Think of all the possible driveby download opportunities a typical user is exposed to daily. Daily scans are a better choice.

    You may also want to cite these two excellent articles:

    Rootkits 101: Rotten to the Core by Lisa Phifer
    http://www.corecom.com/external/livesecurity/rootkits101.htm
    Rootkits 201: Countermeasures and Defenses
    http://www.corecom.com/external/livesecurity/rootkits201.htm
