What exactly is a rootkit? Why are rootkits so dangerous?


The word “rootkit” comes from the two words “root” and “kit”. Root refers to the user with maximum rights in UNIX systems (this can be UNIX, AIX, Linux, etc.). This person is called the “super-user”, the “administrator”, or one of a host of other names. Specifically, it represents the highest level of authority present within a given IT system. On the other hand, the “kit” is a group of tools, so a rootkit is therefore a group of tools with a root category.

In practice, rootkits are programs which, once installed on a system, carry out the necessary modifications to be able to carry out the tasks programmed into them without being detected.

In essence, rootkits try to help hide the presence of other processes which are carrying out malicious activity in the system. For example, if there are backdoors in the system, which allow spying tasks to be carried out, the rootkit will hide the open ports which could warn of this communication, or if there is a system for sending spam, the rootkit will hide all email activity. The only real limitation is the creator’s imagination. IT Observer | What are Rootkits?

Linked by shanmuga Monday, 2nd January 2006 10:00PM