What is a Rootkit and How to Remove It From Your Computer | Total Security

Rootkits are the most difficult type of computer infection to detect and remove. Forewarned is forearmed!


Rootkits have been around for about 20 years, helping attackers operate on their victims' computers unnoticed for long periods. The term is usually applied to malicious programs that are specifically designed to run covertly on an infected computer while allowing remote control of the PC. Since rootkits are among the most unpleasant types of malicious applications, we decided to briefly explain how a rootkit works and what to do if you suspect that your computer is infected with one.

More About Terms

Originally, the term rootkit meant a set of malicious applications that hide their presence on a computer and allow a hacker to go about their business unnoticed. The word root in the name clearly indicates that the term originated in the world of Unix computers, but today when we talk about rootkits, as a rule, we are talking about Windows computers, and the concept of "rootkit" includes not only the stealth tools, but the entire set of functions of the malicious application. It usually hides deep in the bowels of the operating system and is written specifically to avoid detection by antivirus and other security tools. A rootkit can contain various malicious tools such as a keylogger, a stealer of stored passwords, a bank card scanner, a remotely controlled bot for carrying out DDoS attacks, and functions to disable antivirus software. A rootkit usually also has backdoor functions, that is, it allows an attacker to remotely connect to an infected computer, install or remove additional modules, and thus make the machine do whatever the attacker wants. Some examples of current Windows rootkits are TDSS, ZeroAccess, Alureon, and Necurs.

Rootkit Variations

Rootkits fall into two categories: user-level and kernel-level. The former get the same rights as a regular application running on the computer. They are injected into other running processes and use their memory. This is the more common option. Kernel-level rootkits, on the other hand, work at the deepest level of the OS and get the maximum level of access on the computer. After installing such a rootkit, the attacker's possibilities are almost endless. Kernel-level rootkits are usually more difficult to create and are therefore less common. They are also much more difficult to detect and remove.

There are even more exotic variations, such as bootkits, which modify the computer's boot loader and gain control even before the operating system starts. In recent years, mobile rootkits have also emerged that attack Android smartphones.

Infection Method

Rootkits initially enter the computer in the same way as other malicious applications. A vulnerability in a browser or plugin is usually exploited, and another popular method of infection is via USB sticks. Attackers sometimes even leave infected flash drives in public places where a suitable victim can pick them up. The rootkit then exploits OS vulnerabilities to gain a privileged position in the system and installs additional components that provide remote access to the computer and other malicious functionality.

Deleting

The main difficulty in dealing with rootkits is that they actively resist detection by hiding their files and registry keys from scanning programs, as well as by using other techniques. There are utilities specially designed to search for known and unknown rootkits using various highly specialized methods, as well as signature and behavioral analysis. Removing a rootkit is also a complex, multi-step process that rarely boils down to deleting a couple of files. Usually, you have to use a special program such as TDSSkiller, created to combat the TDSS rootkit. In some cases, the victim even has to reinstall the operating system if the infection has damaged system files too deeply. For less complex and less harmful rootkits, removal can be performed using the usual disinfection function in Total Security.
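The hiding described above is also what gives detection tools their main lever: a rootkit that hooks the normal file or process APIs leaves a gap between what those APIs report and what an independent, lower-level enumeration returns. The following Python script is an added illustration of that "cross-view" check and is not code from the article or from Total Security. It works on two constructed snapshots embedded inline (the file paths, process names and PIDs are invented for the example) rather than on a live system, so it runs offline; `make_snapshot`, `cross_view_diff` and the `example_hidden` names are assumptions of the example.

```python
"""Cross-view rootkit detection on constructed data (added example).

Two enumerations of the same machine are compared: one taken through the
high-level API a rootkit would typically hook, and one taken through an
independent low-level method (for example a raw walk of the filesystem
structures). Anything visible in the low-level view but missing from the
API view is a candidate for something being deliberately hidden."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Snapshot:
    """One enumeration of the system taken through a single method."""
    source: str            # label, e.g. "high-level API" or "raw walk"
    files: frozenset       # normalised file paths
    processes: frozenset   # (pid, image name) pairs


@dataclass
class CrossViewReport:
    hidden_files: set = field(default_factory=set)       # raw view only
    hidden_processes: set = field(default_factory=set)   # raw view only
    phantom_files: set = field(default_factory=set)      # API view only
    phantom_processes: set = field(default_factory=set)  # API view only

    def suspicious(self) -> bool:
        # Only entries hidden from the API view are alarming; phantom
        # entries are usually transient (e.g. a process exited between
        # the two enumerations) and are reported for information only.
        return bool(self.hidden_files or self.hidden_processes)


def normalise_path(path: str) -> str:
    """Windows paths are case-insensitive and accept either separator,
    so both views must be normalised before they can be compared."""
    return path.replace("/", "\\").lower().rstrip("\\")


def make_snapshot(source: str, files, processes) -> Snapshot:
    """Build a Snapshot from raw lists of paths and (pid, name) pairs."""
    return Snapshot(
        source,
        frozenset(normalise_path(p) for p in files),
        frozenset((int(pid), name.lower()) for pid, name in processes),
    )


def cross_view_diff(api_view: Snapshot, raw_view: Snapshot) -> CrossViewReport:
    """Report what each view sees that the other does not."""
    report = CrossViewReport()
    report.hidden_files = set(raw_view.files - api_view.files)
    report.phantom_files = set(api_view.files - raw_view.files)
    report.hidden_processes = set(raw_view.processes - api_view.processes)
    report.phantom_processes = set(api_view.processes - raw_view.processes)
    return report


def format_report(report: CrossViewReport) -> list:
    """Human-readable lines for the report."""
    lines = []
    for path in sorted(report.hidden_files):
        lines.append(f"HIDDEN FILE    {path}")
    for pid, name in sorted(report.hidden_processes):
        lines.append(f"HIDDEN PROCESS pid={pid} {name}")
    for pid, name in sorted(report.phantom_processes):
        lines.append(f"info: process pid={pid} {name} seen only via API (transient?)")
    if not lines:
        lines.append("views agree: no discrepancies")
    return lines


# Constructed sample snapshots (not taken from any real machine).
API_VIEW = make_snapshot(
    "high-level API",
    files=[r"C:\Windows\System32\ntoskrnl.exe", r"C:/Windows/explorer.exe"],
    processes=[(4, "System"), (1234, "explorer.exe"), (5000, "notepad.exe")],
)
RAW_VIEW = make_snapshot(
    "raw walk",
    files=[
        r"C:\Windows\System32\ntoskrnl.exe",
        r"C:\Windows\explorer.exe",
        r"C:\Windows\System32\drivers\example_hidden.sys",  # hidden from API
    ],
    processes=[(4, "System"), (1234, "explorer.exe"), (4412, "example_hidden.exe")],
)

if __name__ == "__main__":
    for line in format_report(cross_view_diff(API_VIEW, RAW_VIEW)):
        print(line)
```

Real anti-rootkit tools apply the same idea across more than two views (API, native system calls, raw disk and raw memory), and the trustworthiness of the "low-level" view is the whole point: a kernel-level rootkit can tamper with that view as well, which is why such scans are often run from a clean boot medium.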
