Rootkits

What are rootkits?

A rootkit is designed to hide the telltale signs that an operating system has been compromised. In other words, rootkits allow viruses and other malware to disguise themselves as legitimate, necessary files so that antivirus programs overlook them. Rootkits also enable a third party to remotely maintain control of a computer without the original user's knowledge: through a rootkit, the attacker can remotely execute programs, change system configurations on the host machine, read log files, and spy on the owner's computer activity.
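Because a rootkit hides a process from the view that ordinary tools use, a standard defensive check is to enumerate the same thing through two independent paths and flag entries that appear in one view but not the other (a "cross-view" comparison). The following is an added example, not code from the original page: it compares a high-level process view (listing /proc, which is what `ps` reads on Linux) against a low-level probe (sending signal 0 to every candidate PID), and it requires a discrepancy to persist across consecutive snapshots so that a process that simply exited between the two enumerations is not flagged. The function names and the constructed sample views are hypothetical.

```python
"""Cross-view detection of hidden processes (added example, not from the page).

A rootkit that hides a process typically tampers with the path user-facing
tools rely on (the /proc directory listing) but cannot easily hide it from
every path at once. Comparing two independent views and reporting entries
present in one but absent from the other is a classic detection technique.
"""
import os
from typing import Callable, Set

View = Callable[[], Set[int]]


def procfs_view() -> Set[int]:
    """High-level view: PIDs visible as numeric directories under /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def signal_probe_view(max_pid: int = 32768) -> Set[int]:
    """Low-level view: PIDs that answer to kill(pid, 0), listed or not.

    A PermissionError still means the process exists (it belongs to another
    user); only ProcessLookupError means there is no such PID.
    """
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read().strip())
    except OSError:
        pass  # not Linux or /proc unavailable; keep the default range
    alive: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def hidden_pids(high_view: View, low_view: View, rounds: int = 2) -> Set[int]:
    """Return PIDs the low-level view reports but the high-level view omits.

    A PID is reported only if it is missing from the high-level view in every
    one of `rounds` consecutive snapshots; that filters out processes that
    merely exited between the two enumerations (a benign race), so what is
    left is a persistent discrepancy worth investigating.
    """
    suspects: Set[int] = set()
    for round_no in range(rounds):
        missing = low_view() - high_view()
        suspects = missing if round_no == 0 else suspects & missing
        if not suspects:
            break
    return suspects


if __name__ == "__main__":
    # Live check on a Linux host: an empty set is the expected result on a
    # clean system; anything else should be investigated, not auto-remediated.
    print("persistently hidden PIDs:", sorted(hidden_pids(procfs_view, signal_probe_view)))
```

The live check is only meaningful when run on the host itself with `/proc` mounted; inside a container it merely reflects that container's PID namespace. The same cross-view idea applies to files (directory listing versus opening candidate names directly) and to network sockets.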

A rootkit is a set of software or hardware components that lets an attacker run arbitrary code as the root user (on Windows, as the SYSTEM user). That gives the attacker the ability to modify important code running on the computer system. If the software or hardware component does not give the attacker kernel access (the kernel being the core program that runs the computer's operating system), then it is not a rootkit. The easiest way to get code running in kernel mode without prompting UAC (User Account Control) on Windows is via a USB drive: a USB device can carry malicious files that are installed onto the computer when the drive is plugged in. For that reason, it is wise not to allow employees to plug in USB drives of unknown origin.

One preventative measure to stop malware from gaining full administrative access to your computer is to create a guest (non-admin) user and use it as the primary account. Unfortunately, on Windows an attacker can still bypass user account control and gain admin rights. Their methods include establishing complex setups on the target machine, plugging malicious hardware into the system, or simply exploiting software that is already running on the computer with elevated permissions. The most common way a rootkit infects a system is in fact by exploiting existing software that already runs with system permission, then getting past User Account Control by tricking the primary user into granting admin rights.

Guard your system by keeping everything up to date and installing the necessary patches for your operating system. Do not open email attachments from unknown sources, and be careful about any software you install; read the end-user license agreement first.