The hacktool rootkit is used by hackers and intruders to mask their unsanctioned activities on a system. The rootkit Trojan allows hackers to maintain access to a computer where their presence might otherwise be detected and blocked or removed. The rootkit may also contain software that allows the intruder to intercept and record data from network connections and even the keyboard. The term for the hack tool, rootkit, comes from the set of Unix tools that were originally used to hide the access point, allowing the "root" of their connection to remain without ever being detected. Though rootkits were originally developed only for Linux, they can now target Solaris and Microsoft Windows operating systems as well. As rootkits have moved away from a purely Linux-based attack, the term rootkit Trojan has also taken on a more general meaning to include any program that hides itself within a part of the operating system.
There are two different varieties of rootkits: kernel rootkits and application rootkits. Kernel rootkits add or replace code to hide the backdoor, while application rootkits replace application binaries and modify the behavior of the application.
Rootkit removal is notoriously difficult to accomplish because the rootkit manages to work as a part of the operating system. Removing and reinstalling the operating system is by far the easiest way to regain control of a computer infested with a rootkit. The obvious problem with this approach is that all data not backed up on an alternative medium will be lost. However, rootkit removal is possible given the right procedure. The method most likely to work is to shut down the system and then boot from another device, for example a CD or a flash drive. Since the operating system the rootkit is hidden in is shut down, the hacktool rootkit can no longer hide itself and is easily noticed by antivirus software on the other device. To combat this method, some rootkits will stop working while the scan is taking place, thereby attempting to hide from the antivirus software. Aside from standard antivirus software, there are some programs designed specifically to detect rootkits. These include "chkrootkit" and "rkhunter" for Unix operating systems and "BlackLight", "UnHackMe", and "RootkitRevealer" for Windows operating systems.
Every time an unsuspecting user unintentionally runs the hacktool rootkit, the rootkit checks to make sure its connections are still present and shielded. Thus the rootkit is self-perpetuating. As a hacktool, the rootkit is indispensable since it allows the intruder to maintain a connection undetected by the user. Without such shielding, the backdoor would be easily noticed and removed by the user.
Aside from spreading from Linux to Windows and Solaris, rootkits have also begun to be used by other types of viruses. For instance, some spyware programs are also beginning to use the hacktool rootkit to hide from anti-spyware programs.