Rootkits

A rootkit is a collection of stealthy software that provides privileged access in an operating system while concealing its presence. Behaving as benign programs, rootkits hide malware, keyloggers, password and credential stealers, and bots designed to infiltrate a computer or a network, allowing cybercriminals to access protected data and take over the system undetected.

Rootkits can be installed from a USB device or downloaded onto a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus or anti-malware. A rootkit conceals not only its own presence but also that of malware, viruses, and other software payloads so that they can work surreptitiously. They infect the system, create a backdoor entry, and give hackers administrator-level privileges to access a computer or network remotely without the owner's knowledge or consent.

Uses of rootkits

Rootkits can be a force for good, for example in combating piracy, enforcing digital rights management (DRM), uncovering and preventing cheating in online games, and recognizing attacks in a honeypot. But generally, rootkits are a platform for hackers to obtain unauthorized access, hide malicious software programs, and turn the compromised operating system into a host to attack other computers in the network.

Types of rootkits

As soon as rootkits enter the system, they behave with escalating privileges and can act like a Trojan horse, obscuring their existence by subverting the security tools and altering the drivers and kernel modules of an operating system. They come in five variants:

  • User mode runs along with other applications as a user and operates at a Ring 3 level with limited access to the computer. But it can intercept, modify, alter the processes, and overwrite the memory of other applications.
  • Kernel mode is the most difficult to detect and remove as it behaves and runs at Ring 0, sharing the same privileges with the administrator of an operating system.
  • Bootkits are a type of kernel mode rootkit, which infects a computer's startup code or boot sector to attack disk encryption.
  • Hypervisor exploits the virtualization features of hardware and intercepts communications between the operating system and hardware. It behaves like a virtual machine that hosts the operating system.
  • Firmware rootkits are hidden in the system BIOS of a device or platform firmware such as hard drive, RAM, network card, router, and card reader.

Detection and removal

Detecting rootkits can be difficult, especially if the operating system is already infected, subverted, and compromised by a kernel mode rootkit. But there are ways to detect rootkits, including using antivirus software, checking the system's integrity, tracking CPU usage and network traffic, signature scanning, and employing difference-based detection.
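Difference-based detection compares two independent views of the same system state and flags what appears in only one. The sketch below is an added example, not part of the original article: it assumes a Linux host and compares the process IDs listed in /proc with the IDs that answer a direct signal-0 probe. All function names are hypothetical.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs found by enumerating /proc, as ps and top do."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe(pid):
    """View 2: query one PID directly. Signal 0 only checks existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # the task exists but belongs to another user
    return True

def thread_group(pid, proc="/proc"):
    """Tgid of a task, or None when its status file cannot be read."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def hidden_pids(max_pid, list_fn=listed_pids, probe_fn=probe, tgid_fn=thread_group):
    """PIDs that answer a direct probe but are missing from both listings."""
    before = list_fn()
    answered = {pid for pid in range(1, max_pid + 1) if probe_fn(pid)}
    visible = before | list_fn()  # second listing absorbs processes started meanwhile
    suspects = []
    for pid in sorted(answered - visible):
        if tgid_fn(pid) in visible:
            continue  # a thread of a visible process: threads are never listed
        if probe_fn(pid):  # re-probe drops processes that exited during the scan
            suspects.append(pid)
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid in hidden_pids(limit - 1):
        print(f"PID {pid} answers kill(0) but is not listed in /proc")
```

Run it as root so that /proc is not filtered by a hidepid mount option. A kernel mode rootkit that subverts both the listing and the probe defeats this comparison, which is why such checks are more trustworthy when run from a known-clean environment.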

Just as rootkits can be hard to unmask, they're also impossible to remove manually. But some rootkits can be detected and removed by antivirus or antimalware. The easiest way to get rid of rootkits is to reinstall the operating system and its applications.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.