What are Rootkits?

A rootkit is a special type of malware (malicious software). Rootkits are special because they conceal their own activity, so you don't know what they're doing. Rootkits are nearly undetectable and almost impossible to remove. Although detection tools are proliferating, malware developers are constantly finding new ways to cover their tracks.

A rootkit's purpose is to hide itself and other software from view. This is done to prevent a user from identifying and potentially removing an attacker's software. A rootkit can hide almost any software, including file servers, keyloggers, botnets, and remailers. Many rootkits can even hide large collections of files, enabling an attacker to store many files on your computer invisibly.

Rootkits do not infect computers by themselves the way viruses or worms do. Instead, an attacker identifies an existing vulnerability in a target system. Vulnerabilities may include an open network port, an unpatched system, or a system with a weak administrator password. After gaining access to a vulnerable system, the attacker can install a rootkit manually. This type of stealthy, directed attack does not usually trigger automated network security controls such as intrusion detection systems.

Rootkits: The Obscure Hacker Attack: Tip of the Month - October 2005

Linked by shanmuga Saturday, 22nd October 2005 6:57AM