A Rootkit is a program that attempts to hide itself, other files, or computer data so that they cannot be seen on the computer. Rootkits were first created for the Unix operating system where hackers would install a tool set that would replace common operating system files so that the system administrator could not detect their activities. As more advanced techniques were created, rootkits became even more stealthy by installing themselves in such a way that they are able to intercept commands on the operating system so that a user would only be shown what the rootkit wanted the user to see. This includes the ability to make it so files, directories, configuration files, and Windows Registry keys are invisible to a system administrator or user of the machine.
With this said, the success of a rootkit is its ability to remain undetected on a machine. Fortunately, most rootkits are not programmed well and tell-tale signs become apparent leading a user to investigate their machine more closely. With this in mind, anti rootkit programs, or ARKs, were created that allow you to scan your computer for programs that are possibly intercepting instructions on the computer, which is a big sign that a rootkit may be installed. Some of the more popular Windows ARKs are RootRepeal and GMER, which contain a graphical user interface that quickly allows you to scan your computer for potential rootkits. When using these programs, though, you need to make sure you interpret the results properly as false positives are common.
A few years ago, a rootkit was not commonly seen on computers unless purposely planted there by a hacker to hide their activity. As more and more malware is created for the purpose of making money through cyber crime, the criminals need a more advanced way to protect their interests. In many cases, these methods are the use of rootkits to hide the money-making malware and make it difficult for traditional anti-malware and anti-virus program to remove them. Some rootkits are used to generate money on their own by acting as Trojan installers and advertisement engines.
Though the vast majority of rookits are used for criminal purposes, rootkits have been used for what may be considered more legitimate reasons. For example, in 2005 Sony Music decided to use rootkit technology as part of their Digital Rights Management protection. Unfortunately, they did not publicly disclose this technology and when it was discovered that rootkit technology, that could easily have been abused, was in use, security professionals and users were quick to speak out strongly against it. Today rootkit technology is used within legitimate programs such as Alcohol 120% and Daemon tools in order to hide themselves from being seen by anti-piracy programs. Some anti-virus programs also use aspects of rootkit technology in order to protect your computers from viruses.
As you can see, rootkits are a powerful technique that unfortunately are being used more and more by malware to protect themselves. As we analyze new malware that comes out we find that it is now common to find rootkits bundled along with them. Therefore, it is important to be aware of how these files work and that you can discover them using the free ARK scanners described above.
For more information about rootkits, please see the links below.
Other resources: