Stay updated with the latest cybersecurity news.

What is a Rootkit?

By Reason Cybersecurity

on Mon Jun 08 2015

A rootkit is a software that essentially covers up for the fact that another program has hacked a computer by disguising files as harmless when, in fact they are potentially dangerous. The virus itself gives the creator admin-level access onto a computer’s operating system. A quick breakdown of the word rootkit helps us understand just what the term really means. “Root” is Linux-ese for admin and “kit” refers to the programs used to get into admin-level settings. Not all rootkits are malicious and some are even used by law enforcement agencies and IT departments but the methodology remains the same. Let’s explore just what rootkits are capable of and how to spot them.

History of Rootkits
Rootkits started off in the 1980s on Linux based operating systems but have since migrated to PCs and other operating systems. The first known rootkit was developed by Steve Dake and Lane Davis as a proof-of-concept for Sun Microsystems OS in 1996. One of the earliest rootkits “in the wild” was He4hook in 2000. The malware, developed in Russia wasn’t evil in intention but it did hide files. Then in 2003 came Vanquish, which not only hid files but logged keys, and it became clear to researchers that rootkits had the potential to wreak havoc on operating systems. In 2004-2005 rootkits got a fair amount of press when it was discovered that over one hundred members of the Greek Government, including the Prime Minister, phones on the Vodafone telecom network had been tapped by an installed rootkit.
Then in 2005, the massive Sony/BMG rootkit scandal broke and rootkits became front-page news. In an effort to curb CD piracy, Sony/BMG planted illegal and potentially harmful rootkits on CDs that kept users from copying the material and handed over reports to Sony on each user’s listening habits. The software went undetected by the major antivirus companies but was discovered accidentally by researcher Mark Russinovich. When Sony/BMG finally did respond, the then-President of Global Digital Business, Thomas Hesse, totally detached from the potential damage, said: “Most people don’t even know what a rootkit is, so why should they care about it?” By the time Sony accepted responsibility, Breplibot trojan had already used a vulnerability that the rootkit had created to infect computers.

What Can a Rootkit Do?
A rootkit with mal-intent can do anything a regular virus or trojan can do and it does a better job of staying hidden than regular viruses and other malware do. What makes rootkits so unique is that they generally are not written with the intention to destroy but rather to control information. They reach higher levels of permission than typical viruses, often attaining the same level of access as that of antivirus measures. They then plant themselves inside of important files rather than adding new files so they are virtually invisible to traditional AV products.

How Did a Rootkit Get on My Computer?

Rootkits can infiltrate a PC or any computer just like regular malware, through infected links and websites or by coming bundled with free software.

How Can I Protect Against Rootkits?
Rootkits can cause all sorts of damage, some that may not be noticed for many, many years. It’s a pretty scary concept but there are a few things you can do to prevent rootkits from installing on your PC in the first place.

Install and keep all security patches updated. This is especially important for Windows updates and anti-virus measures but it pertains to all software as well. Keeping outdated software running, or even just sitting dormant on your PC, opens it up to lots of holes and vulnerabilities. Along with your anti-virus measures that you are surely going to keep updated and patched, install a strong anti-malware program that specifically blocks rootkits (not all do). Reason Cybersecurity is designed to detect and block rootkits. By scanning your computer on a regular basis you can make sure nothing has slipped through.
Last but not least, as this is clearly forgotten time and time again by the average web denizen, please, for the love of your PC, stay away from downloads. Need this spelled out in super-simple terms? Don’t download attachments that come via emails or popups or on websites, even if you think you trust the sender/website. Your friend’s email could be hacked and your favorite trusted website may just be the victim of a malvertising campaign. Oh, and downloading sites? Does the name SourceForge mean anything to you? If not, all you really need to know is that free software downloading sites are not your friend and you may end up with much more than you bargained for.