HomeSecurity

Rootkits

Webopedia Staff
Webopedia Staff
Updated on:

Rootkits are a collection of stealthy software that provide privileged access in an operating system while concealing their presence. Behaving as benign programs, they hide malware, keyloggers, password and credential stealers, and bots designed to infiltrate a computer or a network, allowing cybercriminals access to protected data and take over the system undetected.

Rootkits can be installed through a USB or downloaded into a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus or anti-malware. A rootkit not only conceals its presence but also of malware, viruses, and other software payloads to work surreptitiously. They infect the system, create a backdoor entry, and provide hackers administration-level privileges to access a computer or network remotely without the owner s knowledge or consent.

Uses of rootkits

Rootkits can be a force for good such as combating piracy, enforcing digital rights management (DRM), uncovering and preventing cheating in online games, and recognizing attacks in a honeypot. But generally, rootkits are a platform for hackers to provide unauthorized access, hide malicious software programs, and turn the compromised operating system into a host to attack other computers in the network.

Types of rootkits

As soon as rootkits enter the system, they behave with escalating privileges and can act like a Trojan horse, obscuring their existence by subverting the security tools and altering the drivers and kernel modules of an operating system. They come in five variants:

  • User mode runs along with other applications as a user and operates at a Ring 3 level with limited access to the computer. But it can intercept, modify, alter the processes, and overwrite the memory of other applications.
  • Kernel mode is the most difficult to detect and remove as it behaves and runs at Ring 0 , sharing the same privileges with the administrator of an operating system.
  • Bootkits are a type of kernel mode rootkit, which infects a computer s startup code or boot sector to attack disk encryption.
  • Hypervisor exploits the virtualization features of hardware and intercepts communications between the operating system and hardware. It behaves like a virtual machine that hosts the operating system.
  • Firmware rootkits are hidden in the system BIOS of a device or platform firmware such as hard drive, RAM, network card, router, and card reader.

Detection and removal

Detecting rootkits can be difficult, especially if the operating system is already infected, subverted, and compromised by a kernel mode rootkit. But there are ways to detect rootkits, including using antivirus software, checking the system s integrity, tracking CPU usage and network traffic, signature scanning, and employing difference-based detection.

Just as rootkits can be hard to unmask, they re also impossible to remove manually. But some rootkits can be detected and removed by antivirus or antimalware. The easiest way to get rid of rootkits is to reinstall the operating system and its applications.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Complete List of Cybersecurity Acronyms

Insights Kaiti Norton - 0
Cybersecurity news and best practices are full of acronyms and abbreviations. Without understanding what each one means, it's difficult to comprehend the significance of...

Human Resources Management System

Development Vangie Beal - 0
A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Security Vangie Beal - 0
Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...

Infographic

Design Abby Braden - 0
An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...

Related Articles

Definitions

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...
Read more
Development

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...
Read more
Definitions

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...
Read more

Webopedia is an online information technology and computer science resource for IT professionals, students, and educators. Webopedia focuses on connecting researchers with IT resources that are most helpful for them. Webopedia resources cover technology definitions, educational guides, and software reviews that are accessible to all researchers regardless of technical background.

Advertisers

Advertise with TechnologyAdvice on Webopedia and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.