A Rootkit is a set of techniques (one or more pieces of software) for creating (usually unauthorized) access to a machine. The goal of these Rootkits is to go under the radar and be as stealthy as possible.
What is this name "RootKit"?
The term "Root" is given to the superuser or master administrator in UNIX and UNIX-like systems. Roughly speaking, a "RootKit" is a "Kit" allowing to become a "Root".
What is the purpose?
So we are talking about a stealth kit that allows you to install a remote access on your machine with the "right to do everything". Worrying, isn't it? And what is even more worrying is that it can be hidden in another software, a library or in the kernel of an operating system. Some rootkits are even resistant to formatting because they can get into the BIOS directly.
A rootkit can host a wide range of malware such as :
- Spyware : to monitor user activity.
- Keylogger : to record what is typed on the keyboard.
- Backdoors : to keep a permanent access to the machine.
- Botnets : to participate in phishing campaigns or carry out DDoS attacks.
As you can see, a RootKit is a real Swiss army knife for a pirate!
What are the types of rootkits?
- Rootkit kernel mode : This rootkit will try to hide itself in the heart of the operating system. Difficult to detect, it allows an extended control of your computer.
- Rootkit user mode : This rootkit operates on the computer's application level. It hijacks processes, manipulates software and compromises your data.
- Rootkit bootloaders : This rootkit will try to infect the MBR (Master Boot Record). It will then be able to run before the operating system is loaded.
- Firmware Rootkit : This rootkit accesses your firmware, which controls specific devices such as routers, PC devices, ...
- Rootkit hypervisor : This rootkit is able to run your operating system in a virtual machine. It will be able to intercept communications between the hardware and the operating system.
How to identify if your computer has been infected?
Here are some tips:
- Your operating system is behaving strangely: crashing or slow response
- Changes in your computer settings
- Irregularities affecting your Internet connection: higher than usual network traffic
Protect yourself from rootkits
- Beware of unknown files
- Download your software only from trusted sources
- Install system updates as soon as possible
- Use external drives and USB sticks with care
- Perform a rootkit scan at least once a month
How to remove rootkits?
- Use third-party tools such as anti-virus and anti-rootkit applications
- In some cases, you will need to reinstall your operating system
- In the case of firmware, boot or kernel rootkits, third-party software may not be effective. You may have to back up your data, wipe your system and reinstall everything again to get rid of it