“Rootkit” is a term applied to the cloaking techniques and tools an intruder installs after gaining “root” (administrator) privileges on a computer. A rootkit does not break in by itself; it conceals the intruder's presence so that whoever planted it can keep acting as system administrator and retain full control of the compromised system. Because a rootkit is built to hide from the running system, most anti-virus and malware removal tools, which rely on that system's own reports, are ineffective against it.

In general, a rootkit is concerned with keeping control of one already-compromised system, whereas a computer virus attempts to spread to other systems. A program that automatically scans for and exploits network vulnerabilities in order to spread is referred to as a computer worm.

Rootkits typically leave a “backdoor” for future logins and install trojan horse versions of standard system programs (the login program, and utilities that list processes, files and network connections) that capture passwords and hide the intruder's activity. A common backdoor is simply a root shell bound to a network port, classically port 31337 (“ELEET” in cracking jargon). Such trojaned programs are the core of a classic rootkit.

Although every rootkit is a serious security concern, a kernel rootkit is especially dangerous because it is so hard to detect. It runs with the same privileges as the operating system kernel itself, so it can intercept, modify or falsify any request made by software on the running system: a file listing, a process table or a list of open ports can all be made to lie. In that situation nothing the system reports about itself can be trusted, and any check worth making must come from outside it, for example by booting from known-clean media or by observing the machine from another host.
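As an added example (not code from the original page), the following Python script shows the cross-view check an administrator can use when the tools on the box are suspect: it parses constructed sample lines in the format of Linux's /proc/net/tcp and of netstat output, and reports listening ports that one view shows and the other hides, such as a root shell on port 31337 that a trojaned netstat omits. The /proc lines, the netstat output and the external scan result are constructed for illustration.

```python
"""Cross-view detection of a hidden backdoor listener.

Added example, not code from the original page. The /proc/net/tcp lines,
the netstat output and the external scan result below are constructed
samples: a trojaned netstat omits the root shell bound to port 31337,
while the kernel's own socket table still shows it.
"""

# Constructed /proc/net/tcp content. local_address is hex IP:hex port;
# st 0A is LISTEN, 01 is ESTABLISHED. 0x0016 == 22, 0x7A69 == 31337.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18203 1 0000000000000000 100 0 0 10 0
   1: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 27711 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:0016 0A000201:C3E2 01 00000000:00000000 02:000A9B2C 00000000     0        0 18331 2 0000000000000000 20 4 30 10 -1
"""

# Constructed output of a trojaned `netstat -tln`: the 31337 listener is gone.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""

# Constructed result of a port scan run from another host. The outside
# view is the one a kernel rootkit on the target cannot edit.
SAMPLE_EXTERNAL_SCAN = {22, 31337}


def parse_proc_net_tcp(text):
    """Return the set of local TCP ports in LISTEN state from /proc/net/tcp text."""
    listening = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "sl":
            continue  # column header or malformed line
        local_address, state = fields[1], fields[3]
        if state != "0A":
            continue  # not a listening socket
        port_hex = local_address.rsplit(":", 1)[1]
        listening.add(int(port_hex, 16))
    return listening


def parse_netstat_listen(text):
    """Return the set of local ports from `netstat -tln`-style output."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("tcp", "tcp6"):
            continue  # banner or column header
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def hidden_listeners(trusted_view, suspect_view):
    """Ports present in the more trustworthy view but missing from the suspect one.

    A non-empty result means the suspect view is lying about what is listening.
    """
    return trusted_view - suspect_view


if __name__ == "__main__":
    kernel_view = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    netstat_view = parse_netstat_listen(SAMPLE_NETSTAT)
    # User-mode rootkit: netstat is trojaned, /proc still tells the truth.
    print("hidden from netstat:", hidden_listeners(kernel_view, netstat_view))
    # Kernel rootkit: /proc itself may be filtered, so compare with the outside.
    print("hidden from /proc:", hidden_listeners(SAMPLE_EXTERNAL_SCAN, kernel_view))
```

With a user-mode rootkit the kernel's socket table is still honest and the discrepancy shows up at once. With a kernel rootkit /proc can be filtered as well, which is why the second comparison uses a view gathered from another host: it is the only one the compromised kernel cannot rewrite.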

Since reinstalling a “clean” OS is comparatively trivial, most experienced administrators consider it impractical to try to dig out a rootkit. The sound course is to wipe the system, reinstall from trusted media, restore data (not programs) from backups made before the compromise, and change every password that was used on or from the machine, since a trojaned login program may have captured them.
