Rootkit - Computer Definition
A backdoor Trojan horse hiding behind or within processes and files that can provide crackers remote access to a compromised system. Besides being the name of a specific software tool, the term rootkit is often used in a more general sense to describe a tool providing system administrators access privileges to snoop while avoiding detection.
During the week of February 17, 2005, Microsoft Corporation security experts cautioned about a new group of system-monitoring programs, or kernel rootkits, that are nearly impossible to detect using present-day security products. This new generation of rootkits therefore poses a serious security challenge to companies’ systems. Going by names such as Hacker Defender, FU, and Vanquish, these rootkits not only can snoop but also may be creating a whole new group of spyware and worms that can wreak havoc on systems. Experts further feared that online criminal groups would find these of extreme interest as a means to commit cyber crimes.
Roberts, P. RSA: Microsoft on ‘Rootkits’: Be Afraid, Be Very Afraid. [Online, February 17, 2005.] Computerworld Inc. Website. http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html; Symantec Security Response. Rootkit. [Online, November 7, 2003.] Symantec Security Response Website. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.isen.rootkit.html.
A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).

Legitimate Rootkits?
Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcomed than a rootkit that does damage or allows spyware to thrive without detection. See Trojan.
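As an added example (not part of this dictionary entry), the following Python script simulates the file-hiding behaviour described above and the "cross-view" check that detection tools use to catch it: a hook installed on os.listdir stands in for a rootkit's interception of the directory-listing API, while os.scandir serves as the independent, unhooked view. The hidden-name prefix, the file names and the temporary directory are all constructed for the demonstration.

```python
import os
import tempfile

HIDDEN_PREFIX = "_hidden_"   # constructed marker used by the simulated hook

_real_listdir = os.listdir   # keep the genuine function so the hook can be removed


def install_simulated_hook():
    """Simulate a user-mode rootkit hooking the directory-listing API.

    Entries whose name starts with HIDDEN_PREFIX are filtered out, so the
    hooked 'API view' reports fewer files than actually exist on disk.
    """
    def hooked_listdir(path="."):
        return [n for n in _real_listdir(path) if not n.startswith(HIDDEN_PREFIX)]
    os.listdir = hooked_listdir


def remove_simulated_hook():
    os.listdir = _real_listdir


def cross_view_diff(path):
    """Cross-view detection: compare two independent enumeration paths.

    View A uses os.listdir (the hooked 'API' view). View B uses os.scandir,
    which the simulated hook does not touch. Names present in B but missing
    from A are hidden entries. Returns (hidden_names, count_a, count_b);
    a mismatch in the counts is the 'false file count' symptom.
    """
    view_a = set(os.listdir(path))
    with os.scandir(path) as it:
        view_b = {entry.name for entry in it}
    return sorted(view_b - view_a), len(view_a), len(view_b)


def demo():
    """Create a constructed directory, hide two files, and detect them."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("readme.txt", "_hidden_loader.dll", "notes.log", "_hidden_config.dat"):
            with open(os.path.join(d, name), "w") as f:
                f.write("sample")
        install_simulated_hook()
        try:
            return cross_view_diff(d)
        finally:
            remove_simulated_hook()   # always restore the real function


if __name__ == "__main__":
    hidden, seen, actual = demo()
    print(f"API view reports {seen} entries, raw view finds {actual}")
    print("hidden entries:", hidden)
```

Real cross-view tools apply the same idea at a lower level (for example, comparing an API-level listing against the raw file system structures), where a kernel rootkit would have to hook both paths consistently to avoid leaving a discrepancy.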