What Is a Rootkit?

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a combination of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware, such as Trojans, worms, and viruses, that conceals its existence and actions from users and other system processes.

Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is the result of a direct attack on a system, i.e. exploiting a known vulnerability (such as a privilege escalation flaw) or a password (obtained by cracking or by social engineering tactics like "phishing"). Once installed, the rootkit makes it possible to hide the intrusion as well as to maintain privileged access. The key is the root or administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent the rootkit.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.


Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Mark Russinovich of Sysinternals discovered that he had a rootkit on his own computer that had been installed as part of the digital rights management (DRM) component on a Sony audio CD. Experts worry that the practice may be more widespread than the public suspects and that attackers could exploit existing rootkits. "This creates opportunities for virus writers," said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. "These rootkits can be exploited by any malware, and when it's used this way, it's harder for firms like ours to distinguish the malicious from the legitimate."

Different Types Of Rootkits:-

Kernel Rootkits:-

The kernel is the core of the operating system. Kernel-level rootkits are created by adding code to, or replacing portions of, the core operating system with modified code, via device drivers (on Windows) or loadable kernel modules (on Linux). Kernel-level rootkits can seriously affect the stability of the system if the kit's code contains bugs. They are difficult to detect because they run with the same privileges as the operating system itself, and can therefore intercept or subvert operating system operations.


Firmware Rootkits:-

Firmware rootkits are embedded within the firmware of devices such as network devices. A firmware rootkit is activated when a BIOS function is called or when the machine boots. Because the rootkit remains available for as long as the device does, it can be harder to detect. That's why it's good to let your anti-virus scan every device that you plug in.

User Or Application Rootkits:-

A user or application rootkit hides itself in an application program, alongside other application programs in user mode. A user rootkit does not have access to the kernel. These rootkits operate inside the victim computer by replacing standard application files with rootkit files, or by changing the behavior of existing applications with patches, injected code, etc. When the targeted program is run, the rootkit starts up; when the program exits, the rootkit stops.


Memory rootkit:-

A memory rootkit is one that hides itself in memory (RAM).

Hypervisor Or Virtualized Rootkits:-

Hypervisor (virtualized) level rootkits are created by exploiting hardware-assisted virtualization features such as Intel VT or AMD-V. A hypervisor-level rootkit hosts the target operating system as a virtual machine and can therefore intercept all hardware calls made by that operating system.

Bootloader Or Bootkit Rootkits:-

Boot loader level rootkits (bootkits) replace or modify the legitimate boot loader with their own, so that the bootkit is activated even before the operating system starts. Bootkits are a serious threat to security because they can be used to capture encryption keys and passwords.


Persistent Rootkits:-

When the system starts up, the rootkit starts up too and stays running until the system is shut down; even if its process is ended, the rootkit will restart that process.

Library Rootkits:-

Library rootkits target software applications that use code library files, such as Windows DLLs. The rootkit intercepts specific system and API calls and replaces them with its own code. A library rootkit hides itself in the system library.
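As an added, defender-side example that is not part of this article, the following Python script illustrates the cross-view check that catches process hiding by both library rootkits (hooked directory-listing and API calls, described above) and kernel rootkits (filtered listings, described in the kernel section): it compares the processes visible in /proc with those the kernel confirms via kill(pid, 0). The function names are my own and it assumes a Linux host with /proc mounted.

```python
"""Cross-view hidden-process check (added example, not the article's own code).
readdir on /proc (the view ps/top use) can be censored by a hooked readdir (library
rootkit) or a filtered listing (kernel rootkit); kill(pid, 0) usually is not. Linux-only."""
import os

def pid_exists(pid):
    """True if the kernel admits the PID exists (EPERM still means it exists)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH: no such process
        return False
    except PermissionError:      # EPERM: exists, owned by someone else
        return True
    return True

def list_proc_pids():
    """PIDs and thread IDs from /proc and /proc/<pid>/task. Thread IDs count as
    visible because kill(tid, 0) succeeds for them too and would otherwise flag them."""
    seen = set()
    for name in os.listdir("/proc"):
        if name.isdigit():
            seen.add(int(name))
            try:
                seen.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
            except OSError:      # exited meanwhile, or not permitted
                pass
    return seen

def probe_pids(max_pid):
    """Low-level view: brute-force the whole PID space with kill(pid, 0)."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}

def find_hidden_pids(visible, probed):
    """PIDs the kernel confirms but the listing omits (pure, so it is testable)."""
    return sorted(probed - visible)

def confirm_hidden(candidates, rounds=3):
    """Re-check suspects to drop processes that merely started or exited
    between the two snapshots, which is the usual false positive."""
    remaining = set(candidates)
    for _ in range(rounds):
        visible = list_proc_pids()
        remaining = {p for p in remaining if pid_exists(p) and p not in visible}
    return sorted(remaining)

def scan():
    """Full run: PIDs that survive both the cross-view diff and the re-checks."""
    with open("/proc/sys/kernel/pid_max") as f:
        max_pid = int(f.read())
    return confirm_hidden(find_hidden_pids(list_proc_pids(), probe_pids(max_pid)))
```

Run scan() as root for a complete view, and treat any PID it returns as a lead to investigate with other tools rather than as proof, since a rootkit that also hooks kill() will not be caught this way.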