During the week of February 17, 2005, Microsoft Corporation security experts cautioned about a new group of system-monitoring programs, or kernel rootkits, that are nearly impossible to detect using present-day security products. This new generation of rootkits therefore poses a serious security challenge to companies' systems. Going by names such as Hacker Defender, FU, and Vanquish, these rootkits not only can snoop but also may be creating a whole new group of spyware and worms that can wreak havoc on systems. Experts further feared that online criminal groups would find these of extreme interest as a means to commit cyber crimes.
See Also: Administrator; Remote Access; Trojan.
See Rootkit in Computer
A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).
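The interception the entry describes (a hooked directory-listing API returning a filtered view with false counts and sizes) is also what makes cross-view detection work: a scanner obtains a second view of the same directory through a path the rootkit did not hook and reports every discrepancy. The following Python script is an added illustration, not code from the page or from any named rootkit; the directory contents, the file names `svchost32.sys` and `rk.log`, and the hooked and unhooked listing functions are all constructed in-memory so the comparison logic runs offline.

```python
"""Cross-view comparison, the detection idea behind many anti-rootkit tools.

The "high-level" view stands for what a hooked API (e.g. the call behind a
file manager) returns; the "low-level" view stands for an unhooked source
such as parsing filesystem structures directly or scanning from a clean
boot. Anything present in only one view, or whose reported size differs,
is flagged for investigation.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    name: str
    size: int


# Constructed directory contents standing in for a real on-disk folder.
TRUE_LISTING = [
    Entry("report.docx", 48_210),
    Entry("notes.txt", 1_024),
    Entry("svchost32.sys", 91_136),   # hypothetical file a rootkit hides
    Entry("rk.log", 3_072),           # hypothetical hidden log file
]

# Name prefixes the simulated rootkit filters out of API results.
HIDDEN_PREFIXES = ("svchost32", "rk.")


def hooked_listing(entries):
    """Simulated intercepted API: drops protected names, so the caller
    also sees a smaller file count than really exists."""
    return [e for e in entries if not e.name.startswith(HIDDEN_PREFIXES)]


def raw_listing(entries):
    """Simulated unhooked view of the same directory."""
    return list(entries)


def cross_view_diff(high_level, low_level):
    """Return (hidden_names, size_mismatches, count_delta).

    hidden_names:    present in the low-level view, absent from the high-level one
    size_mismatches: present in both views but with differing reported sizes
    count_delta:     how many entries the high-level view under-reports
    """
    hi = {e.name: e for e in high_level}
    lo = {e.name: e for e in low_level}
    hidden = sorted(set(lo) - set(hi))
    size_mismatches = sorted(
        n for n in hi.keys() & lo.keys() if hi[n].size != lo[n].size
    )
    count_delta = len(lo) - len(hi)
    return hidden, size_mismatches, count_delta


def scan(entries=TRUE_LISTING):
    """Run both views over the constructed directory and diff them."""
    return cross_view_diff(hooked_listing(entries), raw_listing(entries))


if __name__ == "__main__":
    hidden, mismatched, delta = scan()
    print("hidden entries:", hidden)
    print("size mismatches:", mismatched)
    print("entries under-reported by hooked view:", delta)
```

Real scanners differ only in where the two views come from; the comparison itself is this simple, which is why a rootkit that hooks one enumeration path but not another is still exposed by the disagreement between them.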
Legitimate Rootkits?
Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcome than a rootkit that does damage or allows spyware to thrive without detection. See Trojan.