Rootkit: The Kit Of Tools For Those Malicious

Added: 10/01/2006
A rootkit is a kit of tools which is used by an attacker after he has cracked a computer system, these tools are to help the intruder set up access to the attacked system and use it for their purposes which are mostly often extremely malicious. There are rootkits for various operating systems including Linux and different versions of Microsoft Windows. Read the article to find out more.

The term "rootkit" was derived from the set of Unix tools (recompiled ones) like "w", "passwd", "netstat", "ps" etc. that should have displayed the intrusion to the system, but the rootkit would never allow them do that. The crackers are able to get root-level access to the system and the system administrator is even unable to see them.

Now the "rootkit" term is used referring to other systems, not being restricted to Unix based operating systems only. There is a hacktool rootkit virus which performs similar activities for non-Unix operating systems, even if they do not have accounts of the root-level type.

A rootkit usually performs tasks of hiding logins, logs and processes and often carries onboard special software to intercept data transmitted by the keyboard, terminals and connections within the network. Because of this, a rootkit can often be confused with a Trojan horse.

A backdoor may also be part of a rootkit to help the intruder for easier access to the system. For instance, a rootkit may carry an application to scan a shell when the intruder snuffs a particular port of the network system. There are also the so-called kernel rootkits. A kernel rootkit is able to allow a non-privileged user to initialize processes usually reserved for the system administrator.

The problem of detecting rootkits and how to remove rootkit is really serious. The main issue is that the system checked cannot be trusted itself. That is because most of rootkits modify the kernel level with many tools and libraries on that level. And all programs running on the particular system are dependent on that level. So the situation is outstandingly absurd - you cannot trust the program which checks your system to say whether you can trust it or not.

The process of detection and elimination of the rootkits is very similar to that with the computer viruses. It is the never ending struggle between the creators of the security software and those guys developing various kinds of malicious software.

However, there are several application available to serve for the detection of rootkits. The most popular for Unix based operating systems are rkhunter and chkrootkit.

The main difference between a computer virus and a rootkit is that usually a computer virus tries to spread itself to other vulnerable systems and a rootkit as a rule is limited to maintain control over one particular system only. However, there are certain hybrids. For example, a virus can install a rootkit and a rootkit may carry onboard some of the worms, scanners or sniffers. This is similar to the situation when the e-mail worms which usually explore the vulnerable pieces of Microsoft software are referred to as viruses though they are not actually performing the functions of the malicious software of virus kind.

If you are not a system administrator, you should probably not bother yourself with the problem of rootkits and other stuff alike. The chance of someone being interested in your particular computer to such an extent that he would bother himself installing a rootkit on your computer is really insignificant.

This artilce has been viewed: 0 times this month, and 8 times in total since published.
 

Random articles

Popular articles