A rootkit is "a set of programs and code that allows a permanent or consistent, undetectable presence on a computer" (1). A rootkit is software that masquerades on the host system as a system file or otherwise hides itself, so that identifying it can be exceptionally difficult. Ironically, rootkits may originally have been developed as utilities to enable remote access to problematic systems. More recently, however, rootkits have become insidious malware that can elude most detection schemes once activated.
There are several ways that rootkits can avoid detection. A common technique is to subvert the system routines that monitor which processes are active, so that the rootkit's own processes do not show up when administrators or users search for malware. Another common approach is for the rootkit to install itself as a driver, which lets it operate at the lowest levels of the operating system without being visible to most users or administrators.
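The classic defensive answer to a hooked process-enumeration routine is cross-view detection: obtain the process list from the normal source, then independently ask the kernel about every possible PID and compare. A PID that is alive but absent from the listing is a candidate for a hidden process. The script below is an added illustration of that check and is not code from the cited sources or the Wikipedia article; it assumes a Linux host (the `/proc` layout and the `kill(pid, 0)` probe), and the sample status text and the `scan` and `is_plain_thread` helpers are constructed here for the example.

```python
"""Cross-view process detection (added example, Linux assumptions).

A rootkit that hooks the routine used to enumerate processes hides its
PID from the listing, but the kernel still answers a direct probe of
that PID. Comparing the two views exposes "alive but not listed" PIDs.
"""
import os
import time
from typing import Iterable, Optional, Set

# Constructed sample of a /proc/<pid>/status file (only the lines we use).
SAMPLE_STATUS = "Name:\tworker\nTgid:\t4242\nPid:\t4243\nPPid:\t1\n"


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs the probe finds alive that the enumeration routine omitted."""
    return set(probed) - set(listed)


def parse_tgid(status_text: str) -> Optional[int]:
    """Extract the thread-group id from /proc/<pid>/status text.
    A PID whose Tgid differs from itself is a thread, not a process."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def list_procfs_pids() -> Set[int]:
    """View 1: the normal listing, the same source `ps` reads (procfs)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probe_pids(max_pid: int) -> Set[int]:
    """View 2: kill(pid, 0) asks the kernel whether the PID exists without
    delivering a signal. EPERM still proves existence; ESRCH means absent.
    Probing the whole pid_max range can take tens of seconds in Python."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def is_plain_thread(pid: int, listed: Set[int]) -> bool:
    """Non-leader threads answer kill() but are not top-level /proc entries,
    so they would look hidden. Reclassify them via their Tgid. A PID whose
    status file cannot be read stays a candidate (procfs itself may be hooked)."""
    try:
        with open(f"/proc/{pid}/status") as f:
            tgid = parse_tgid(f.read())
    except OSError:
        return False
    return tgid is not None and tgid != pid and tgid in listed


def read_max_pid() -> int:
    """Upper bound of the PID space; fall back to the traditional default."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


def scan(rounds: int = 2, delay: float = 0.5) -> Set[int]:
    """Keep only PIDs hidden in every round, which filters out processes
    that started or exited between the two views (the usual false positive)."""
    max_pid = read_max_pid()
    stable: Optional[Set[int]] = None
    for _ in range(rounds):
        listed = list_procfs_pids()
        cands = {p for p in hidden_pids(listed, probe_pids(max_pid))
                 if not is_plain_thread(p, listed)}
        stable = cands if stable is None else stable & cands
        time.sleep(delay)
    return stable or set()


if __name__ == "__main__":
    suspects = scan()
    print("no hidden PIDs" if not suspects else f"hidden candidates: {sorted(suspects)}")
```

Two design points matter in practice. First, both views must be taken close together and repeated, because ordinary process churn between the listing and the probe otherwise produces false alarms; the `scan` function intersects the candidates across rounds for that reason. Second, a rootkit that hooks both the listing and the signal path defeats this particular pair of views, which is why real detectors compare several independent sources rather than just two.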
Once a rootkit is established on the host system, how it is used is mostly up to the ingenuity of the perpetrator. It can be used to capture and transmit information or to take over the host system completely.
Security software exists to detect rootkits. In another ironic twist, some security software installs itself as a rootkit in order to detect various malware threats. However, there is growing concern that, as rootkits become increasingly difficult to detect, they represent the biggest threat to the general public.
- Hoglund, G. & Butler, J. (2005). Rootkits: Subverting the Windows Kernel. Stoughton, MA: Addison-Wesley Professional.
- Rootkit. (2009, November 16). In Wikipedia, The Free Encyclopedia. Retrieved 04:08, November 21, 2009, from http://en.wikipedia.org/w/index.php?title=Rootkit&oldid=326146331