What is a Rootkit Virus?

A rootkit is a type of software designed to hide the fact that an operating system has been compromised, sometimes by replacing vital executables. Rootkits allow viruses and malware to “hide in plain sight” by disguising as necessary files that your antivirus software will overlook. Rootkits themselves are not harmful; they are simply used to hide malware, bots and worms. Rootkits get their name from the Unix term for the primary administrator account called “root” and “kits,” which refer to the software pieces that implement the tool. To install a rootkit, an attacker must first gain access to the root account by using an exploit or obtaining the password by cracking it or social engineering. Rootkits were originally used in the early 1990’s and targeted UNIX operating systems. Today, rootkits are available for many other operating systems, including Windows. Because rootkits are activated before your operating system even boots up, they are very difficult to detect and therefore provide a powerful way for attackers to access and use the targeted computer without the owner’s notice. Due to the way rootkits are used and installed, they are notoriously difficult to remove. Rootkits today usually are not used to gain elevated access, but instead are used to mask malware payloads more effectively.

Comments are closed.