dcsimg
Main » TERM » R »

Rootkits

Rootkits are a collection of stealthy software that provide privileged access in an operating system while concealing their presence. Behaving as benign programs, they hide malware, keyloggers, password and credential stealers, and bots designed to infiltrate a computer or a network, allowing cybercriminals access to protected data and take over the system undetected.

Rootkits can be installed through a USB or downloaded into a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus or anti-malware. A rootkit not only conceals its presence but also of malware, viruses, and other software payloads to work surreptitiously. They infect the system, create a backdoor entry, and provide hackers administration-level privileges to access a computer or network remotely without the owner’s knowledge or consent.

Uses of rootkits 

Rootkits can be a force for good such as combating piracy, enforcing digital rights management (DRM), uncovering and preventing cheating in online games, and recognizing attacks in a honeypot. But generally, rootkits are a platform for hackers to provide unauthorized access, hide malicious software programs, and turn the compromised operating system into a host to attack other computers in the network. 

Types of rootkits

As soon as rootkits enter the system, they behave with escalating privileges and can act like a Trojan horse, obscuring their existence by subverting the security tools and altering the drivers and kernel modules of an operating system. They come in five variants:

  • User mode runs along with other applications as a user and operates at a ‘Ring 3’ level with limited access to the computer. But it can intercept, modify, alter the processes, and overwrite the memory of other applications. 
  • Kernel mode is the most difficult to detect and remove as it behaves and runs at ‘Ring 0’, sharing the same privileges with the administrator of an operating system. 
  • Bootkits are a type of kernel mode rootkit, which infects a computer’s startup code or boot sector to attack disk encryption. 
  • Hypervisor exploits the virtualization features of hardware and intercepts communications between the operating system and hardware. It behaves like a virtual machine that hosts the operating system. 
  • Firmware rootkits are hidden in the system BIOS of a device or platform firmware such as hard drive, RAM, network card, router, and card reader. 

Detection and removal

Detecting rootkits can be difficult, especially if the operating system is already infected, subverted, and compromised by a kernel mode rootkit. But there are ways to detect rootkits, including using antivirus software, checking the system’s integrity, tracking CPU usage and network traffic, signature scanning, and employing difference-based detection.

Just as rootkits can be hard to unmask, they’re also impossible to remove manually. But some rootkits can be detected and removed by antivirus or antimalware. The easiest way to get rid of rootkits is to reinstall the operating system and its applications. 










LATEST ARTICLES
Texting & Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »

Huge List of Computer Certifications

Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »

STUDY GUIDES
Computer Architecture Study Guide

Computer architecture provides an introduction to system design basics for most computer science students. Read More »

Network Fundamentals Study Guide

Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »

The Five Generations of Computers

Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »