Monday, June 25, 2007

Rootkit

What is a rootkit?



The evil rootkit is a set of software tools usually used by an intruder after gaining access to a computer. The tools are intended to conceal running processes, files or system data, which helps the intruder maintain access to the system without the user’s knowledge.



How does it work?

A rootkit integrates itself deep within the OS, taking over bits and pieces of the code, and then hiding from anything that is trying to detect it. Consider a regular OS file. The rootkit might infect the file and become part of it. If you try to use anti-virus or anti-spyware software against it, the rootkit performs a trick that in effect tells that software that there’s nothing wrong with the file. Thus, the rootkit is completely invisible.



Who developed it?

“Rootkit” originally referred to a set of recompiled Unix tools that would hide any trace of an intruder, traces that the original tools would normally display. This allowed the intruder to be “root” on the system without being visible to the administrator. The term is no longer restricted to Unix-based OSes; such tools also exist for other OSes such as Windows.
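
A defender can catch the recompiled-tools kind of rootkit described above by comparing what a tool such as ps reports with what the kernel itself exposes under /proc. The following is an added example, not code from the original post; the function names and the sample data are constructed for illustration, and a Linux host is assumed for live_sample().

```python
import os
import subprocess

def pids_from_ps(ps_output):
    """PIDs reported by the userland tool (`ps -e -o pid=` output)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def pids_from_proc(entries):
    """PIDs the kernel exposes: the all-numeric names under /proc."""
    return {int(name) for name in entries if name.isdigit()}

def cross_view(samples):
    """Return PIDs present in /proc but missing from ps in every sample.

    One sample alone is noisy, because a process can exit between the two
    reads; requiring the gap to persist across samples filters that out.
    """
    suspects = None
    for ps_output, proc_entries in samples:
        gap = pids_from_proc(proc_entries) - pids_from_ps(ps_output)
        suspects = gap if suspects is None else suspects & gap
    return sorted(suspects or ())

def live_sample():
    """Take one (ps_output, proc_entries) pair on a Linux host."""
    proc_entries = os.listdir("/proc")
    ps_output = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                               text=True, check=True).stdout
    return ps_output, proc_entries

# Constructed samples: PID 1337 is never listed by ps; PID 2001 merely
# exited between the two reads of the first sample.
CONSTRUCTED = [
    ("    1\n  402\n  977\n", ["1", "402", "977", "1337", "2001", "cpuinfo"]),
    ("    1\n  402\n  977\n 2050\n", ["1", "402", "977", "1337", "2050", "self"]),
]

if __name__ == "__main__":
    print("hidden from ps:", cross_view(CONSTRUCTED))
```

On a live host, pass `[live_sample(), live_sample()]` to `cross_view()`. A rootkit that hooks the kernel can hide its entries from /proc as well, so an empty result is not proof of a clean system.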

Where is it used?

Usually on compromised computers, and famously, on Sony music CDs until recently.



When did the term become popular?

In October 2005, a certain blog published a detailed description of the characteristics of the software on Sony BMG music CDs. The article said the software was illegitimate. It stated that shortcomings in the software design manifested themselves as security holes that could be exploited by malicious software.



Why are rootkits legitimately needed?

Rootkits allow the programmer to see and access usernames and login information for sites that require them.





