In simple language, a ‘rootkit’ is a software kit used to get to the ‘root’ of a computer – in other words, a kit used to gain administrative access to the machine and thereby control it. Originally developed as legitimate software that gave developers a ‘backdoor’ into their own products so they could fix issues as they arose, rootkits are unfortunately now used by the hacking community to take control of vulnerable computers and steal vital data from them.
Rootkits can reach your computer in a number of ways, the most common being phishing and social engineering attacks. Once inside, they typically take control of the machine and let attackers access it remotely so they can carry out their intended task – which could be stealing information from the computer or simply crashing it.
How To Detect Rootkit Infection?
As with other types of malware, a rootkit infection usually comes with some typical signs: antivirus software ceasing to function, Windows settings changing on their own, the background image changing, or items pinned to the taskbar disappearing for no reason. Slow system performance is another common sign. All of these are usually indicative of a rootkit infection.
Types Of Rootkits
Some of the most popular rootkits include:
- Kernel Rootkit: These rootkits operate at the kernel level (the core of the operating system) and have a serious effect on the system. They are usually difficult to detect because they run inside the kernel, meaning they have the same privileges as the operating system itself.
- Firmware Rootkit: These rootkits infect device firmware, such as that of network devices. They are loaded whenever the machine boots and remain active for as long as the device does. These too are hard to detect.
- Application Rootkit: These rootkits operate at the application level. That is, they don’t infect the kernel but the application files on your computer. They usually replace the files of the application they are targeting with their own files, or change the application’s behavior by injecting code.
- Memory Rootkit: These rootkits hide themselves in, and operate from, the computer’s memory – that is, RAM (Random Access Memory).
- Bootkit Rootkits: These rootkits – also known as Boot Loader Level kits – infect the legitimate boot loader of your system, so that they are activated whenever the operating system starts. Obviously, these rootkits too pose a serious threat to your system.
- Persistent Rootkits: A rootkit that starts up with the system and stays active until the system is shut down. What’s more, this kind of rootkit has the ability to restart system processes.
- Library Rootkits: As the name suggests, these rootkits affect the ‘library files’ on your computer (the system libraries), for example Windows DLLs. Like other rootkits, they intercept specific files and replace them with their own code.