rootkit
SearchMidmarketSecurity.com Definitions (Powered by WhatIs.com)
DEFINITION - A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.

Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Mark Russinovich of Sysinternals discovered that he had a rootkit on his own computer that had been installed as part of the digital rights management (DRM) component on a Sony audio CD. Experts worry that the practice may be more widespread than the public suspects and that attackers could exploit existing rootkits. "This creates opportunities for virus writers," said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. "These rootkits can be exploited by any malware, and when it's used this way, it's harder for firms like ours to distinguish the malicious from the legitimate."

A number of vendors, including Microsoft, F-Secure, and Sysinternals, offer applications that can detect the presence of rootkits. If a rootkit is detected, however, the only sure way to get rid of it is to completely erase the computer's hard drive and reinstall the operating system.
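The "alter existing system tools to escape detection" technique in the definition is exactly what file-integrity checkers look for: a baseline of known-good digests is recorded, and the live system is later compared against it. The following is an added example (not code from the original page or from any vendor named above); the directory layout, file contents and the simulated tampering are constructed so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root to its digest.
    A real baseline is taken from trusted media and stored off-host,
    because a rootkit that alters system tools can alter a local baseline too."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, baseline):
    """Compare the live tree with the baseline; report changed, missing and new files."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: a toy 'bin' directory, then one tool replaced and one file dropped."""
    with tempfile.TemporaryDirectory() as d:
        bin_dir = Path(d) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"#!/bin/sh\n# original ls wrapper (constructed)\n")
        (bin_dir / "ps").write_bytes(b"#!/bin/sh\n# original ps wrapper (constructed)\n")
        baseline = build_baseline(bin_dir)
        # Simulated tampering: 'ls' replaced and an extra file appears.
        (bin_dir / "ls").write_bytes(b"#!/bin/sh\n# tampered copy (constructed)\n")
        (bin_dir / "extra").write_bytes(b"constructed dropped file\n")
        return verify(bin_dir, baseline)


if __name__ == "__main__":
    print(demo())
```

A check like this only catches tools altered on disk; a kernel-level rootkit that hides files from the running system must be checked from trusted boot media, which is why the definition recommends a full reinstall once one is found.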

Getting started with rootkits
To explore how rootkits are used in the enterprise, here is an additional resource:
How to detect and remove rootkits with Windows encryption: Rootkits have become a common attack technique for hackers and a serious headache for security pros and administrators. Learn more about this form of malware, including how to detect and remove rootkits with Windows encryption.

Learn more about Antivirus, antispyware management
How to detect malicious insiders by monitoring antivirus log files: Antivirus logs can be a low-cost, low-effort approach for resource-strapped companies to look for threats posed by malicious insiders.
Start with centralized endpoint security management when buying suites: Single-vendor centralized management of endpoint security suites is the primary consideration when choosing and buying an endpoint security suite.
How to use Excel for security log data analysis: Microsoft Excel can be an inexpensive and effective option for firewall, antivirus and server log analysis.
Three ways to prioritize endpoint security over perimeter defenses: Midmarket organizations should prioritize endpoint security management over perimeter defenses.
How to configure email antivirus scanners to block only when necessary: Taking the shortcut of optimizing your email antivirus scanners to improve performance will eventually compromise your organization's security.

LAST UPDATED: 11 Mar 2009


More resources from around the web:
- Rootkit.com is a Web site dedicated to information about the problem.
- Michael Cobb discusses how to ensure your Windows updates are valid.
- Here's Mark Russinovich's blog entry about his discovery.
- The anti-rootkit blog offers antirootkit software, news, articles and forums.
- Serdar Yegulalp compares Microsoft's security tools to other products.
- This IT Knowledge Exchange thread explains how to stop a rogue user from circumventing network security.

Copyright 2009, TechTarget. All Rights Reserved.