Rootkit

Malicious program, files or folders hidden from normal sight

'Rootkit' generally refers to a method of hiding files or processes from normal methods of monitoring, and is often used by malware to conceal its presence and activities.

Originally, the term applied to UNIX-based operating systems - a rootkit was a collection of tools to enable a user to obtain root (administrator-level) access to a system and conceal any changes they might make. Such tools often included trojanised versions of standard system monitoring software which would hide the rootkit operators' activities.

More recently the term has generally been applied to malware using stealth techniques. Rootkits can operate at a number of levels, from the application level - simply replacing or adjusting the settings of system software to prevent the display of certain information - through hooking certain functions or inserting modules or drivers into the operating system kernel, to the deeper level of firmware or virtualisation rootkits, which are activated before the operating system and thus even harder to detect while the system is running.
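The application-level case described above, where a trojanised monitoring tool omits certain processes, can be checked by comparing two views of the same system. The following is an added example, not code from the original page; it assumes a Linux host where numeric directories under `/proc` are process IDs, and all function names and sample data are constructed for illustration.

```python
import os
import subprocess
import time

def pids_from_ps(ps_text):
    """PIDs from `ps -e -o pid=` output (one PID per line, no header)."""
    return {int(tok) for tok in ps_text.split() if tok.isdigit()}

def pids_from_proc(entries):
    """Numeric directory names under /proc are process IDs."""
    return {int(name) for name in entries if name.isdigit()}

def hidden_pids(tool_views, proc_views):
    """PIDs in every /proc snapshot that no tool snapshot ever reported.

    Requiring persistence across rounds filters out processes that merely
    started or exited between the two listings of a single round.
    """
    if not tool_views or not proc_views:
        raise ValueError("need at least one snapshot of each view")
    persistent = set.intersection(*proc_views)
    reported = set.union(*tool_views)
    return sorted(persistent - reported)

def live_check(rounds=3, delay=0.5):
    """Take both views of the running system several times and compare."""
    tool_views, proc_views = [], []
    for _ in range(rounds):
        proc_views.append(pids_from_proc(os.listdir("/proc")))
        ps = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True)
        tool_views.append(pids_from_ps(ps.stdout))
        time.sleep(delay)
    return hidden_pids(tool_views, proc_views)

# Constructed sample data: PID 4242 is missing from the tool view in every
# round; PID 5000 is a short-lived process seen once in /proc only.
SAMPLE_PS = ["   1\n 310\n 977\n", "   1\n 310\n 977\n"]
SAMPLE_PROC = [["1", "310", "977", "4242", "5000", "cpuinfo", "self"],
               ["1", "310", "977", "4242", "meminfo", "self"]]

def sample_check():
    return hidden_pids([pids_from_ps(t) for t in SAMPLE_PS],
                       [pids_from_proc(e) for e in SAMPLE_PROC])

if __name__ == "__main__":
    print("sample:", sample_check())
    if os.path.isdir("/proc"):
        print("live:", live_check())
```

An empty result only means the two views agree: a kernel-level, firmware or virtualisation rootkit can falsify both views on the running system, so the comparison is more trustworthy when the low-level view is taken from outside it.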
