
Malware: What are rootkits?

Introduction

Those looking to take advantage of computer users dream of being able to access other people's computer systems without being detected. Couple that with elevated privileges, and you have yourself a veritable attacker's fantasy. That is probably why so many attackers and cybercriminals rely on rootkits to make their dreams come true.

This article will detail what rootkits are, their components, levels of rootkits, how rootkits spread and what rootkits can do to a computer system, as well as some of the different types of rootkits kicking around computer systems these days. Those who are not well versed in Unix will get a little historical perspective on the name as well. Welcome to Rootkits 101!

What is a rootkit?

Those new to malware are probably scratching their heads wondering what a rootkit is, and why it has a name like "rootkit." A rootkit is software built to do two things: give its operator privileged access to a system, and hide its own presence (and that of whatever files, processes or network connections it is protecting) from the system's normal tools. Not all rootkits are malware, but this article will focus on those with malicious intent.

The word "rootkit" is a combination of the component words "root," the name of the all-powerful superuser account on Unix and Linux (in other words, privileged access), and "kit," as in tool kit. Easy enough, right?
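The "remain undetected" half of that definition is also what gives a rootkit away. A rootkit that hides a process usually does so by filtering what the enumeration interfaces return (on Linux, the directory listing of /proc that tools such as ps rely on), while the process itself still exists and still answers a signal-0 probe. Comparing the two views is the classic cross-view check. The following is an added example, not code from the original article; it assumes a Linux host with /proc mounted, and the pid_max fallback value is an assumption for systems where that file cannot be read.

```python
"""Cross-view hidden-process check (added example, not from the article).

Two views of the process table are collected: the high-level view that
user tools see (a directory listing of /proc) and a low-level view built
by probing every possible PID with kill(pid, 0). A PID that the probe finds
but the listing omits is either a thread ID or a hidden process; the
Tgid field of /proc/<id>/status tells the two apart, because that path is
still openable even when the ID has been filtered out of the listing.
"""
import os


def listed_pids():
    """High-level view: PIDs visible in the /proc directory listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probed_pids(max_pid=None):
    """Low-level view: IDs that exist according to kill(id, 0).

    Signal 0 performs the existence and permission checks without
    delivering anything. ESRCH means "no such process"; EPERM means it
    exists but belongs to someone else, which still counts as present.
    On Linux this also returns thread IDs, which is why hidden_pids()
    consults Tgid before reporting anything.
    """
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # assumed fallback when pid_max is unreadable
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:   # ESRCH: nothing there
            continue
        except PermissionError:      # EPERM: exists, not ours
            found.add(pid)
    return found


def status_tgid(pid):
    """Thread-group ID from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def hidden_pids(listed, probed, tgid_of):
    """Pure comparison: IDs the probe found that the listing omits and
    that are not merely threads of a visible process.

    tgid_of(pid) returns the thread-group ID or None when status is
    unreadable. An unreadable status for an ID that kill() says exists is
    itself suspicious, so such IDs are kept. Processes that exit between
    the two collections show up as listed-but-not-probed, which is noise
    and is deliberately ignored; only probed-but-unlisted is evidence.
    """
    hidden = []
    for pid in sorted(probed - listed):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid:
            continue  # a thread of some (visible) process, not a hidden one
        hidden.append(pid)
    return hidden


if __name__ == "__main__":
    # Live scan of this host; walking pid_max IDs takes a few seconds.
    result = hidden_pids(listed_pids(), probed_pids(), status_tgid)
    print("hidden PIDs:", result if result else "none")
```

Only the two collectors and status_tgid() touch the live system; the comparison is kept as a pure function so it can be exercised with constructed process tables. A rootkit that also blocks opening /proc/<pid>/status for its hidden process still shows up, since an ID that answers kill() but has no readable status is reported rather than excused.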

Components of rootkits

Rootkits have three common components:

  1. Dropper: The dropper is the file or program that installs the rootkit. Sometimes it is an executable program (for example, one contained in a suspicious email attachment); sometimes it is a file that triggers the install once opened (for example, a Word or PDF document).
  2. Loader: This is the malicious code that runs once the dropper has been launched. The loader takes advantage of system vulnerabilities and arranges for the rootkit to be loaded along with the system at every boot. The vulnerabilities it exploits depend on the level (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/v57QNROQfEw/