Rootkit

Malicious program, files or folders hidden from normal sight

'Rootkit' generally refers to a method of hiding files or processes from normal methods of monitoring, and is often used by malware to conceal its presence and activities.

Originally, the term applied to UNIX-based operating systems - a rootkit was a collection of tools to enable a user to obtain root (administrator-level) access to a system and conceal any changes they might make. Such tools often included trojanised versions of standard system monitoring software which would hide the rootkit operators' activities.

More recently the term has generally been applied to malware using stealth techniques. Rootkits can operate at a number of levels, from the application level - simply replacing or adjusting the settings of system software to prevent the display of certain information - through hooking certain functions or inserting modules or drivers into the operating system kernel, to the deeper level of firmware or virtualisation rootkits, which are activated before the operating system and thus even harder to detect while the system is running.
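A trojanised monitoring tool of the kind described above can be exposed by comparing its output with a lower-level view of the same data. The following is an added example, not part of the original glossary entry; it assumes a Linux system with `/proc`, and the function names and sample data are constructed for illustration.

```python
"""Cross-view check: compare what a monitoring tool reports with a lower-level view."""
import os


def pids_from_proc(proc_root="/proc"):
    """Low-level view: numeric directory names under /proc (Linux)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps(ps_output):
    """Tool view: first column of `ps` output; header and blank lines are skipped."""
    pids = set()
    for line in ps_output.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids


def hidden_pids(low_before, tool_view, low_after):
    """PIDs alive in both low-level snapshots but missing from the tool's output.

    Requiring both snapshots filters out processes that merely started or
    exited while the tool was running, which would otherwise be false alarms.
    """
    return sorted((low_before & low_after) - tool_view)


# Constructed sample data (not captured from a real system).
SAMPLE_PS = """\
  PID TTY          TIME CMD
    1 ?        00:00:02 init
  412 ?        00:00:00 sshd
  977 pts/0    00:00:00 bash
"""
SAMPLE_PROC_BEFORE = {1, 412, 666, 977, 1201}   # 1201 exits before the 2nd snapshot
SAMPLE_PROC_AFTER = {1, 412, 666, 977, 1305}    # 1305 starts after ps ran


def demo():
    return hidden_pids(SAMPLE_PROC_BEFORE, pids_from_ps(SAMPLE_PS), SAMPLE_PROC_AFTER)


if __name__ == "__main__":
    print("PIDs visible in /proc but not reported by ps:", demo())
```

This comparison only catches concealment at the application level; a rootkit hooking kernel functions can falsify both views, so an empty result does not show that a system is clean.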

Related news articles

China-Tibet row spills over into malware attacks

Both sides of debate targeted to spread malicious code.

16 April 2008

Sony in more rootkit rows

Accusations of sneakiness and unsafe practices hit media giants again.

28 August 2007
