A rootkit is software that conceals itself, and usually a remote-access backdoor, on a computer so that an intruder can use the machine’s resources, files, and system information without the owner’s knowledge. Malicious hackers install them on unsuspecting victims’ computers, and because a rootkit tampers with the very operating system functions that would report it, it can be very difficult to detect. To protect against rootkits, experts recommend keeping security software and operating system patches up to date, only allowing trusted sites to install software, and scanning with anti-rootkit software on a regular schedule. If a rootkit is detected, the safest course is to reformat the drive and rebuild the system.
A rootkit is a set of software tools that, once installed on a computer, hides its own presence and gives an intruder ongoing, privileged access to the machine’s resources, files, and system information without the owner’s knowledge. Law enforcement agencies and parental-control “nanny programs” have used rootkit techniques to monitor computer activity covertly for surveillance purposes, but malicious hackers also install rootkits on the computers of unsuspecting victims.
The word “rootkit” comes from UNIX, the operating system (OS) that was widespread long before Microsoft Windows existed. Berkeley Software Distribution (BSD) descends directly from UNIX code, and Linux is a UNIX-like system built to the same design. On a UNIX system, “root” is the all-powerful account, roughly the equivalent of administrator (or, more precisely, SYSTEM) privileges on Windows. The package of tools an intruder installed to keep that root-level control and cover their tracks was called a “kit”, giving us “rootkit”, sometimes spelled “root kit”.
Rootkits have been creating a buzz since the early 1990s. The most dangerous type, the kind that typically targets Windows machines, installs itself into the operating system kernel, usually as a device driver. From there it can modify the operating system itself and intercept system calls (the requests programs make to the OS for files, processes, registry keys, and other system information), returning doctored answers that omit anything belonging to the rootkit. Because the rootkit hides its files, processes, and registry entries from the very OS functions that security software and Task Manager rely on, it is difficult to detect from inside the running system.
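Since the hiding described above works by filtering what the OS reports, most anti-rootkit tools detect it by cross-view comparison: take the process list from the high-level path a rootkit hooks (directory enumeration of /proc, which is what `ps` and Task Manager-style tools use) and from a lower-level path it usually forgets (probing each PID with `kill(pid, 0)`), then look for PIDs present in one view and absent from the other. The following is an added Python example written for this page, not code from the original article or from any anti-rootkit product; it simulates the filtered view with constructed PIDs and, on Linux, runs the same comparison live. The sample PIDs and the `rootkit_filtered_listing` stand-in for a hooked readdir are assumptions for the demo, and the Windows equivalent uses different APIs but the same idea.

```python
"""Cross-view process detection, the idea behind many anti-rootkit scanners.

A kernel rootkit that hides a process usually filters the results of
directory enumeration on /proc, which is where `ps` and `top` get their
process list. It rarely filters every other path that reveals the PID,
such as kill(pid, 0). Comparing the two views exposes the discrepancy.
Linux-oriented; Windows scanners apply the same idea with different APIs.
"""
import os


def pids_from_proc_listing():
    """High-level view: enumerate /proc the way `ps` does (readdir)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_alive(pid):
    """Low-level view for one PID: signal 0 checks existence, delivers nothing."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user


def is_thread_group_leader(pid):
    """kill(tid, 0) also succeeds for thread IDs, and readdir on /proc never
    lists them, so without this check every multithreaded process would look
    like a hidden one. A PID with no /proc entry at all is kept as a leader:
    alive but without a directory is exactly what a hidden process looks like."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (FileNotFoundError, ProcessLookupError, PermissionError):
        return True
    return True


def pids_from_probing(max_pid=65536):
    """Low-level view: ask the kernel about every PID individually.

    max_pid defaults to the traditional 16-bit ceiling to keep the demo quick;
    pass int(open('/proc/sys/kernel/pid_max').read()) for a full sweep.
    """
    return {pid for pid in range(1, max_pid + 1) if pid_alive(pid)}


def rootkit_filtered_listing(real_pids, hidden):
    """Constructed stand-in for a hooked readdir: every real entry except the
    PIDs the rootkit wants concealed (assumption for the demo)."""
    return set(real_pids) - set(hidden)


def hidden_processes(listed, probed):
    """PIDs that answer a direct probe but never appear in the listing."""
    return set(probed) - set(listed)


def live_hidden_pids(max_pid=65536):
    """Run both views on this host and keep only confirmed discrepancies.

    A process that starts after the listing is taken but before it is probed
    looks hidden for a moment; re-reading the listing and re-probing each
    candidate removes those transient false positives, and the Tgid check
    removes thread IDs.
    """
    candidates = hidden_processes(pids_from_proc_listing(), pids_from_probing(max_pid))
    relisted = pids_from_proc_listing()
    return {pid for pid in candidates
            if pid not in relisted and pid_alive(pid) and is_thread_group_leader(pid)}


if __name__ == "__main__":
    # Constructed demo: the rootkit's filtered view omits PIDs 4242 and 31337.
    real = {1, 2, 100, 4242, 31337}
    listed = rootkit_filtered_listing(real, hidden={4242, 31337})
    print("hidden (simulated):", sorted(hidden_processes(listed, real)))  # [4242, 31337]

    # Live check on this host (Linux only). On a clean system this prints [].
    if os.path.isdir("/proc"):
        print("hidden (live):", sorted(live_hidden_pids()))
```

Two details matter in practice. First, the thread-ID check is not optional: on Linux `kill(tid, 0)` succeeds for every thread of every process, none of which appear as top-level /proc entries, so a naive diff reports dozens of "hidden" PIDs on a clean machine. Second, a rootkit that hooks the lookup path as well as readdir will make `/proc/<pid>/status` unreadable for its own process, which is why a PID that is alive but has no /proc directory is kept rather than discarded.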
A malicious hacker can get a rootkit onto a computer in a number of ways. It can be bundled inside a Trojan or hidden in a seemingly benign file, such as a chart or a joke schedule distributed by email; the victim has no way of knowing that opening the image or program will install a rootkit. Rootkits can also be picked up simply by browsing the web: a pop-up window might claim that a program is required to view the site correctly, disguising the rootkit as a legitimate plugin.
Once a rootkit is installed, the hacker can communicate covertly with the target computer whenever it is online. The rootkit is usually used to install further hidden programs and to create a “backdoor” into the system. If the hacker wants information, a keylogger can be installed. It secretly records everything the victim types, online and offline, and delivers the results to the intruder at the next opportunity. Keyloggers can capture usernames, passwords, credit card numbers, bank account numbers, and other sensitive data, setting the victim up for fraud or identity theft.
Other malicious uses for rootkits include compromising several hundred or even hundreds of thousands of computers and linking them into a remotely controlled network called a botnet. Botnets are used to launch distributed denial of service (DDoS) attacks and to send spam, viruses, and Trojans to other computers. If this activity is traced back to the sending machines, it can lead to the legal seizure of computers belonging to innocent owners who had no idea their systems were being used for illegal purposes.
To protect yourself from rootkits, experts recommend keeping your security software up to date, including antivirus and antispyware. Install hotfixes (operating system security patches) as they become available, and delete spam without opening it. When browsing the Internet, only allow trusted sites to install software, and avoid clicking on unfamiliar banners or pop-ups. Even a “no thanks” button can be a ploy to download a rootkit. Because installing a kernel-level rootkit requires administrator rights, doing everyday work from a standard (non-administrator) account also removes much of the opportunity.
It is also a good idea to use one or more anti-rootkit programs to scan for rootkits regularly (weekly is a common recommendation) and then back up your system. Bear in mind that a scanner running inside a compromised OS gets its answers from the same doctored system calls the rootkit controls, so the most trustworthy scan is one run from a clean, bootable medium that the installed OS never gets to influence. While some rootkits can supposedly be removed safely, the general recommendation is to reformat the drive and rebuild the system, to be sure that the entire rootkit and all of its processes are gone. A recent backup that is known to be clean, taken before the infection, makes that job a lot easier; a backup made after the rootkit arrived may simply restore it.