Almost everyone knows about computer viruses nowadays, and a lot of people are afraid of getting infected by them. It is also no surprise that they have heard about worms, trojans and other malicious programs that spread from one computer to the next.
A rootkit, however, works in a very different manner. It is designed to gain control of your computer while hiding deep inside the system, staying out of sight. Unlike a virus, it is not directly disruptive or destructive.
So what does a rootkit do?
What it does is provide access to all your folders – both private data and system files – to a remote user who, with administrative powers, can do whatever they want with your computer. Needless to say, every user should be aware of the threat rootkits pose.
Rootkits try to go deeper than an average infection. A few have been found that are designed to infect the computer's BIOS. No platform is immune: rootkits can affect Linux and Apple machines too. In fact, the first rootkit ever written was for Unix!
The earliest known rootkit is in fact two decades old. However, now that every home and every work desk has a computer connected to the internet, the possibilities for using the full potential of a rootkit are only just being realized.
Possibly the most famous case so far was in 2005, when CDs sold by Sony BMG installed rootkits without user permission, allowing any user logged in at the computer to gain administrator-level access. The purpose of that rootkit was to enforce copy protection (called "Digital Rights Management" or DRM) on the CDs, but it compromised the computer it was installed on. Such a mechanism could easily be hijacked for malicious purposes.
What makes it different from a virus?
More often than not, its main objective is to control your computer, not to destroy it. Of course, that control could be used to delete data files, but it can also be used for more nefarious purposes.
Nowadays, rootkits run at the same privilege level as the antivirus software itself, and they circumvent most of it. This makes them that much harder to remove, since the system cannot decide which program has the greater authority to shut down the other.
So how might I get infected with a rootkit?
Most of the time, a rootkit is bundled with another program so it can piggyback on software that you thought you trusted. When you give this software permission to install on your computer, it also inserts a process that waits silently in the background for a command. And, since giving that permission requires administrative access, the rootkit is already sitting in a sensitive location on the computer.
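The stealth described above is also what makes a rootkit detectable. A process that hides itself from the normal process listing still has to be tracked by the kernel, so comparing two independent views of "which processes exist" and flagging any disagreement is a standard defensive check (the approach used by tools such as unhide and rkhunter). The following is an added example, not code from the original article; the `ps` output and the `/proc` directory entries are constructed sample data, and the "hidden" PID 1337 is made up for illustration.

```python
"""Cross-view process detection: a classic check for process-hiding rootkits.

The idea: take the PID list from a user-facing tool (`ps`, which a rootkit
may have hooked) and the PID list from a lower-level source (the numeric
directory names under /proc) and report anything the user-facing view omits.
All inputs below are constructed sample data, not real captures.
"""
import re
from typing import Iterable

# Constructed sample: what a (possibly hooked) `ps -eo pid,comm` reported.
PS_OUTPUT = """\
  PID COMMAND
    1 systemd
  412 sshd
  987 cron
 1303 bash
"""

# Constructed sample: directory names found under /proc. Numeric entries are
# PIDs; non-numeric entries (cpuinfo, self, ...) are not processes.
# PID 1337 is the hypothetical hidden background process.
PROC_ENTRIES = ["1", "412", "987", "1303", "1337", "cpuinfo", "self", "meminfo"]


def pids_from_ps(ps_text: str) -> set[int]:
    """Parse `ps -eo pid,comm`-style output into a set of PIDs (header skipped)."""
    pids = set()
    for line in ps_text.splitlines():
        m = re.match(r"\s*(\d+)\s+\S", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def pids_from_proc(entries: Iterable[str]) -> set[int]:
    """Keep only the numeric /proc entries, i.e. the kernel's own PID list."""
    return {int(e) for e in entries if e.isdigit()}


def hidden_pids(kernel_view: set[int], userland_view: set[int]) -> set[int]:
    """PIDs the lower-level view knows about that the user-facing listing omitted."""
    return kernel_view - userland_view


def scan(ps_text: str, proc_entries: Iterable[str]) -> list[int]:
    """Run the cross-view check and return suspect PIDs, sorted."""
    return sorted(hidden_pids(pids_from_proc(proc_entries), pids_from_ps(ps_text)))


if __name__ == "__main__":
    suspects = scan(PS_OUTPUT, PROC_ENTRIES)
    if suspects:
        print("Processes present in /proc but absent from ps:", suspects)
    else:
        print("No discrepancies between /proc and ps")
```

On a real system the two views would come from `os.listdir("/proc")` and a `ps` invocation; a transient process that exits between the two snapshots produces a false positive, so a practical scanner repeats the comparison and only reports PIDs that disagree consistently. A kernel-level rootkit can hide from `/proc` as well, which is why serious tools add further independent views (probing every PID with a signal, reading socket tables) rather than trusting any single one.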
Another way to get infected is by standard viral infection techniques – either through shared disks and drives or through infected web content. Such an infection may not be spotted easily, because rootkits are silent by nature.
There have also been cases where rootkits came pre-installed on purchased computers. The intentions behind such software may be good – for example, anti-theft identification or remote diagnosis – but it has been shown that the mere presence of such a path into the system is itself a vulnerability.