What Is Rootkit?by Kathryn Hatter
A rootkit is a system created to infiltrate a computer system and then conceal its presence once it has infiltrated. Typically, a rootkit is a set of programs that work together to achieve and maintain this access. Once access has been achieved, the rootkit has access to the administrative controls of a computer system.
Rootkits are a relatively new computer creation. The first recorded rootkit dates to 1990. Prior to this, a computer program that had some similarities to a rootkit was used by an employee of Bell Labs to gain access to computers in a naval lab in California. As part of a bet, the employee worked on a computer program that would enable him to have access to the naval lab computer system.
Rootkits can be used to find log-in information, user names, passwords and other confidential information that is stored or used on a computer system. A rootkit can execute files remotely, can monitor any computer activity on the compromised system and can alter system configurations. Once a rootkit has infiltrated a computer system, it can maintain control over the system. This control is executed without being detected and the system owner usually does not even realize it is happening.
Rootkits can have legitimate and non-malicious purposes. Examples of legitimate uses for rootkits include use by employers, parents or law enforcement officials. Rootkits used for legitimate reasons are typically installed to enable remote monitoring and control of a computer system. Parents and employers who wish to be able to monitor the computer use of a computer system could do so by using a rootkit. The presence of the rootkit would not be detectable on the computer system.
Rootkits also have malicious purposes. Rootkits can be used by attackers and spies to gain access to and monitor computer systems for criminal purposes. Usually rootkits work by concealing files, processes, connections and registry entries from other programs. This means that they have access to sensitive processes and resources without detection. Attackers can utilize a rootkit to steal important financial information that can be used to compromise the financial identity and control of financial accounts of computer users.
Detection of rootkits is inherently difficult due to the way that rootkits are designed to conceal themselves within the operating system. A successful rootkit will not be apparent to the user at all. If strange or suspicious computer behavior is noticed by a computer administrator, a rootkit might be suspected. Often rootkits are combined with many files and programs, which further complicates detection and removal. By scanning memory and file systems sometimes indicators of rootkits can be found.