Rootkit

[Image: Rootkit logo, taken from Digital Defense]

  1. Definition: A rootkit is malicious software installed without the user’s awareness, with the following intentions:
    • Hide the rootkit’s own activity and presence from the OS and its monitoring tools.
    • Hide the activity of other malicious utilities / software installed on the compromised system.
    • Gather data of interest to the attacker and deliver it to the attacker silently.
    • Act as a repository for malicious programs that are served to other compromised systems (zombies or bots).
    Rootkits commonly bundle malicious utilities such as network sniffers and tools that wipe logs. They replace or hook OS functions and system calls (for example, the calls that enumerate files, processes and network connections) with their own versions, so that the system’s own tools report a sanitized view and the security of the targeted system is compromised. Once installed, they preserve privileged (typically root- or SYSTEM-level) access for the attacker. Rootkits are hard to detect because they are designed to operate in stealth mode, hiding both themselves and their activity.

    Reason for the name: From “root” (the Unix superuser account whose privileges the attacker keeps) and “kit” (the set of tools used to keep and hide that access).
    Propagation: Rootkits generally do not spread on their own; they are installed after an attacker has already obtained privileged access (for example through an exploit or stolen credentials). From then on the rootkit runs in the background, hidden from the inspection tools the OS provides.
    Examples of well-known rootkits: the Windows NT/2000 Rootkit (NT Rootkit), FU (Windows, hides processes by Direct Kernel Object Manipulation), and KBeast (a Linux loadable kernel module rootkit).
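The definition above says a rootkit replaces the OS calls that report what is on the system, so that the system’s own tools show a sanitized view. The practical consequence is that detection rarely comes from trusting one view; it comes from comparing two views that a rootkit would have to hook consistently. The example below is added here and is not code from the page or from any of the rootkits named in it. It implements cross-view process detection on Linux: the listing of /proc (the path a rootkit typically hooks) versus a brute-force kill(pid, 0) probe of every PID (which asks the kernel whether the PID exists without delivering a signal). The sample PID sets are constructed; the live-scan function is an assumption about what a practitioner would run on a real host.

```python
"""Cross-view detection of a hidden process (added example, not from the page).

A rootkit that hooks the directory-listing path (readdir()/getdents()) can make
a PID vanish from /proc, but the kernel still knows the process exists:
kill(pid, 0) delivers nothing yet reports whether the PID is alive. Comparing
the two views exposes the discrepancy. The PID numbers in the sample data are
constructed for this example.
"""
import os
from typing import Callable, Iterable, Set


def pids_from_proc(proc_root: str = "/proc") -> Set[int]:
    """High-level view: PIDs reported by the (possibly hooked) listing of /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_by_signal_probe(max_pid: int) -> Set[int]:
    """Low-level view: probe every PID with signal 0. ESRCH means no such
    process; EPERM means it exists but belongs to another user, so it is alive."""
    alive: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:      # ESRCH: PID not in use
            continue
        except PermissionError:         # EPERM: exists, not ours
            pass
        alive.add(pid)
    return alive


def is_thread_of_other_process(pid: int, proc_root: str = "/proc") -> bool:
    """Linux accepts a thread ID in kill(), and threads are not listed in /proc
    even on a clean system. An ID whose Tgid differs from itself is a thread,
    not a hidden process. If /proc/<pid>/status cannot be read, nothing can be
    ruled out, so the candidate is kept (return False)."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False


def hidden_pids(listed: Iterable[int], probed: Iterable[int],
                is_thread: Callable[[int], bool] = lambda pid: False) -> Set[int]:
    """PIDs that answer the probe but are missing from the listing, minus any
    the supplied filter identifies as mere threads."""
    listed_set = set(listed)
    return {pid for pid in probed if pid not in listed_set and not is_thread(pid)}


def read_pid_max(path: str = "/proc/sys/kernel/pid_max") -> int:
    """Upper bound for the brute-force probe, read from the kernel."""
    with open(path) as fh:
        return int(fh.read().strip())


# Constructed sample: what the two views might return on a host where a
# rootkit hides PID 1337 from directory listings but not from kill().
SAMPLE_LISTED = {1, 2, 734, 1201}
SAMPLE_PROBED = {1, 2, 734, 1201, 1337}


def demo() -> list:
    """Cross-view diff over the constructed sample; returns [1337]."""
    return sorted(hidden_pids(SAMPLE_LISTED, SAMPLE_PROBED))


def scan_live_system() -> Set[int]:
    """Run both views on the current Linux host. Root is not required, but the
    brute-force loop over pid_max IDs takes a few seconds in Python."""
    return hidden_pids(pids_from_proc(),
                       pids_by_signal_probe(read_pid_max()),
                       is_thread=is_thread_of_other_process)


if __name__ == "__main__":
    print("sample data, hidden:", demo())
    if os.path.isdir("/proc"):
        print("live scan, hidden:", sorted(scan_live_system()))
```

Two caveats a practitioner should keep in mind. First, processes that start or exit between the two views produce transient false positives, so re-check any candidate before acting on it. Second, the technique only works because the two views go through different kernel paths; a rootkit that hooks kill() as well as the listing path (many kernel rootkits do hook kill(), often to use it as a command channel) will hide from both, which is why real detectors combine several independent views and, where possible, an offline or hardware-rooted one.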