Rootkits
Monday, November 9, 2009 11:00
A rootkit is a collection of software tools that gives an attacker root or administrative-level access to a computer or network. Attackers usually install a rootkit after obtaining basic user-level access to a system and then gaining higher access, either by using a cracked password or through some other vulnerability that allows them to install software on the system. Once installed, a rootkit allows the attacker to bypass security measures and hide the intrusion. Rootkits do this by replacing normal operating system components or altering existing system tools or software so as to escape detection.
Rootkits can include tools such as spyware, keystroke loggers, trojans, backdoor programs, and a variety of other programs. They can allow the attacker to monitor network traffic, capture information typed on the keyboard, alter log files, attack other computers on a network, gain remote access through a backdoor, and perform a variety of other tasks.
Rootkits are available for almost any type of operating system, including Windows and Linux. Newer versions of rootkits are becoming hard to detect, but a variety of companies offer software that detects the most popular types of rootkits. If a rootkit is detected on your computer or system, the only sure way of removing all of its components is to erase the hard drive and reinstall the operating system.