Software designed to enable access to unauthorized locations in a computer
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.[1] The term rootkit is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool).[2] The term "rootkit" has negative connotations through its association with malware.[1]
Rootkit installation can be automated, or an attacker can install it after having obtained root or administrator access.[3] Obtaining this access is a result of direct attack on a system, i.e. exploiting a vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.
Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.
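The difference scanning named above compares two views of the same system and flags objects that only the lower-level view reports, on the assumption that a rootkit hooking the high-level API cannot also rewrite the lower-level source. The block below is an added illustration, not code from the article; `cross_view_diff` is a hypothetical helper and both process tables are constructed sample data.

```python
"""Cross-view (difference) scan: compare a high-level view of the system with a
lower-level one and report objects that only one side sees. A rootkit that hooks
the API used for the high-level listing can hide or rename a process there, but
the lower-level source (raw task list, offline boot from trusted media) still
shows it. The same function works for files keyed by path or for sockets."""
from dataclasses import dataclass


@dataclass
class DiffResult:
    hidden: dict      # low-level view only: candidate rootkit-hidden objects
    phantom: dict     # high-level view only: stale entry or decoy
    mismatched: dict  # same key in both views but attributes differ


def cross_view_diff(high_view: dict, low_view: dict) -> DiffResult:
    """Keys identify an object (PID, path); values describe it (name, hash)."""
    hidden = {k: v for k, v in low_view.items() if k not in high_view}
    phantom = {k: v for k, v in high_view.items() if k not in low_view}
    mismatched = {
        k: (high_view[k], low_view[k])
        for k in high_view.keys() & low_view.keys()
        if high_view[k] != low_view[k]
    }
    return DiffResult(hidden, phantom, mismatched)


# Constructed sample: what a (possibly hooked) process-enumeration API reports...
HIGH_VIEW = {1: "init", 412: "sshd", 980: "cron", 1337: "update-helper"}
# ...versus what the lower-level source reports for the same moment.
LOW_VIEW = {1: "init", 412: "sshd", 980: "cron", 1337: "miner",
            2048: "kworker/u8:9"}


def scan_processes() -> DiffResult:
    """Run the scan over the constructed views; returns one hidden PID (2048)
    and one PID whose image name differs between views (1337)."""
    return cross_view_diff(HIGH_VIEW, LOW_VIEW)


if __name__ == "__main__":
    result = scan_processes()
    for pid, name in result.hidden.items():
        print(f"hidden from API view: pid={pid} name={name}")
    for pid, (seen, actual) in result.mismatched.items():
        print(f"name mismatch: pid={pid} api={seen!r} low-level={actual!r}")
    for pid, name in result.phantom.items():
        print(f"only in API view: pid={pid} name={name}")
```

A clean result (all three dicts empty) does not prove absence of a rootkit; it only shows both views agree, which is why the text also lists trusted-OS and memory-dump methods.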
[1] Cite error: the named reference "McAfee1" was invoked but never defined on this page.
[2] Evancich, N.; Li, J. (2016-08-23). "6.2.3 Rootkits". In Colbert, Edward J. M.; Kott, Alexander (eds.). Cyber-security of SCADA and Other Industrial Control Systems. Springer. p. 100. ISBN 9783319321257.
[3] "What is Rootkit – Definition and Explanation". www.kaspersky.com. 2021-04-09. Retrieved 2021-11-13.