The term rootkit is a combination of two words, “root” and “kit.” A rootkit is a set of software components that gives an attacker persistent “root” (full administrator) privileges on a computer and, just as importantly, conceals that access by hiding the attacker's processes, files, network connections and log entries from the system's own tools. A rootkit does not usually obtain root by itself: it is typically installed after the attacker has already gained privileges through an exploit, stolen credentials or a trojanized installer, and its job is to keep those privileges and hide them. Once in place, it can execute further software, modify system configuration files, read or alter log files, and monitor user keyboard input, browsing and other activity. Rootkits were originally described as a suite of tools (trojanized copies of standard system binaries such as ls, ps, netstat and login) that preserved administrator access for an intruder on Unix systems. Today, rootkits are categorized as a type of malware, alongside worms, viruses and Trojan horses.
Rootkits are related to other threats, including but not limited to:
- Mobile threats: Malware directed at mobile devices such as smartphones and tablets.
- Ransomware: Malware that encrypts files or locks a device and demands payment to restore access.
- Viruses: Malicious code that attaches itself to other files or programs and is typically executed by a human action such as opening a file.
- Spyware: Malicious software that monitors actions performed on a computer or network, such as keystrokes, browsing and other navigation.
- Phishing: Tricking users into entering credentials or personal information, typically on a fake site that the user believes to be legitimate.
Effects of rootkits
Rootkits are a danger to corporate computers and networks because they give an attacker persistent root-level control of a machine while hiding that control from its administrators. Once an attacker holds those privileges on one computer, it becomes a foothold: credentials, keystrokes and network traffic on that host can be harvested and used to reach other sensitive and confidential systems. The attacker can alter configuration files, disable or tamper with logging and security software, and execute additional tools to extend access. Many rootkits also include a keylogger that records the keystrokes and browsing activity of every user of the machine, including company employees and management.
How to identify and avoid rootkits
Rootkits are often difficult to identify because concealment is their purpose, and attackers continually change the code to avoid signature-based detection. In practice the best approach combines scanning tools (anti-virus, anti-spyware and anti-malware) with human observation of system behaviour: unexplained network connections, CPU or disk activity with no visible process, log entries that disappear, or different tools disagreeing about the state of the same system. A particularly useful check is cross-view comparison. A rootkit that hides a process or file must intercept one way of enumerating it, but rarely every way, so querying the same information by two routes (a directory listing versus a direct lookup by name, or the process list versus probing each process id individually) and diffing the results can expose what is being hidden. A kernel-mode rootkit that has compromised the operating system itself cannot be trusted to report its own removal; in that case the only reliable remedy is to wipe the drive, reinstall from known-good media and restore data from backups taken before the compromise.
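The cross-view check described above, worked through as an added Python example (this is not code from the original post or from any product). It targets Linux, where ps and top enumerate processes by listing /proc; the function names and the PID sets used for illustration are this example's own, not an API of any tool:

```python
"""Cross-view detection of hidden processes on Linux (added example).

Process-listing tools read the /proc directory. A rootkit that hides a
process usually filters that listing but cannot also make the kernel
forget the process: kill(pid, 0) still answers "exists" (return 0) or
"exists but not yours" (EPERM) rather than ESRCH. Listing /proc one
way, probing every PID the other way, and diffing the two views exposes
the discrepancy. Function names here are hypothetical.
"""
import os
import sys


def procfs_view(proc_root="/proc"):
    """PIDs visible by reading the procfs directory, i.e. what ps sees."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def syscall_view(max_pid=None):
    """PIDs the kernel admits to, found by probing each PID with kill(pid, 0)."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    present = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check, nothing is delivered
        except ProcessLookupError:   # ESRCH: no such process
            continue
        except PermissionError:      # EPERM: exists, owned by another user
            pass
        present.add(pid)
    return present


def proc_tgid(pid, proc_root="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def hidden_pids(listed, probed, tgid_of):
    """PIDs present in the kernel's view but missing from the listing.

    Non-leader threads also answer kill(tid, 0) yet are never listed in
    /proc by design, so a PID whose tgid_of() differs from itself is a
    thread of some process and is dropped to avoid false positives. A PID
    whose status cannot be read at all (None) stays a suspect: a rootkit
    may block the direct lookup as well as the listing.
    """
    suspects = []
    for pid in sorted(probed - listed):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid:
            continue
        suspects.append(pid)
    return suspects


def scan():
    """Run both views on the live system.

    The listing is taken before and after the (slow) probe so that
    processes which started while probing are not reported as hidden.
    """
    before = procfs_view()
    probed = syscall_view()
    after = procfs_view()
    return hidden_pids(before | after, probed, proc_tgid)


if __name__ == "__main__":
    if not sys.platform.startswith("linux"):
        sys.exit("this check relies on /proc and Linux kill() semantics")
    found = scan()
    if found:
        # A hit is an indicator, not proof: re-run to rule out a process that
        # started and exited during the probe, then inspect /proc/<pid>/status,
        # /proc/<pid>/exe and /proc/<pid>/cmdline directly by name.
        print("processes hidden from /proc:", found)
    else:
        print("no hidden processes detected")
```

Probing every PID up to pid_max (32768 on older kernels, often 4194304 on current ones) takes seconds to tens of seconds in Python; the hidden_pids() logic itself is independent of the live system, which is what makes the decision rule testable on constructed views. The same diffing idea applies to files (readdir() versus stat() by name) and to sockets (/proc/net/tcp versus a port scan of localhost), and a discrepancy in any of them is worth investigating before trusting the host's own tools.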
Anti-virus, anti-spyware and anti-malware software should be enabled and kept running, with frequent scans. Security updates and patches should be installed as soon as they are available, since rootkits are commonly delivered through exploits for known vulnerabilities. Be cautious about opening email attachments or downloading files from external sources, watch for bundled software when installing third-party applications, and scan after installing any new software. Running day-to-day work without administrator privileges limits what a compromise can install, and on modern systems enabling Secure Boot and signed-driver enforcement raises the bar for kernel-mode rootkits.