A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel. A rootkit can also be installed after having obtained root or Administrator access.
About Rootkit in brief
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed. Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel. The first documented computer virus to target the personal computer, discovered in 1986, used cloaking techniques to hide itself. The Stuxnet worm was the first to target programmable logic controllers. In 2005, Sony BMG published CDs with copy protection and digital rights management software called Extended Copy Protection, created by software company First 4 Internet. The software included a music player but silently installed a rootkit which limited the user’s ability to access the CD. The rootkit hid from the user any file whose name started with “$sys$”. Soon after, malware took advantage of that vulnerability on affected systems. In the United States, a class-action lawsuit was brought against Sony BMG. In 2004, intruders installed a rootkit targeting Ericsson’s AXE telephone exchange. According to Ericsson, the perpetrators were behind the Greek wiretapping case of 2004–05, also referred to as the Greek Watergate, which involved the illegal tapping of more than 100 phones on the Vodafone network belonging to the Greek government and top-ranking civil servants. The first rootkit targeting Mac OS X appeared in 2009, while the first rootkit targeting Windows NT appeared in 1999.
The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted ‘root’ access to the system. In 1983, Ken Thompson of Bell Labs, one of the creators of Unix, theorized about subverting the C compiler in a Unix distribution and discussed the exploit. The modified compiler would detect attempts to compile the Unix login command and generate altered code that would accept not only the user’s correct password, but an additional ‘backdoor’ password known to the attacker. This exploit was equivalent to a rootkit. The term rootkit has negative connotations through its association with malware, and is often used to refer to malicious software that can be difficult to detect or circumvent. When dealing with firmware rootkits, removal may require hardware replacement or specialized equipment; otherwise, reinstallation of the operating system may be the only available solution. A rootkit can also be installed after having obtained root or Administrator access. This means that existing software can be modified, including software that might otherwise be used to detect and circumvent it. These first-generation rootkits were trivial to detect by using tools such as Tripwire that had not been compromised to access the same information.
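The Tripwire-style check mentioned above, as an added example that is not part of the original page and is not Tripwire's own code: hash every file in a known-good tree, store the digests as a baseline, and later compare a fresh snapshot against it to surface modified, added or removed files. The directory layout, file names (including the constructed "$sys$loader" entry echoing the Sony BMG prefix) and file contents in run_demo are all constructed for the demonstration. The check is only as trustworthy as the interpreter, hashlib and baseline it relies on, which is why the text stresses tools that had not themselves been compromised; in practice the baseline and the checker are kept on read-only or offline media.

```python
"""Minimal file-integrity baseline check in the spirit of Tripwire (added example)."""
import hashlib
import os
import tempfile
from typing import Dict, List

# A baseline maps a path (relative to the checked root, '/'-separated) to a SHA-256 hex digest.
Baseline = Dict[str, str]


def hash_file(path: str) -> str:
    """Stream a file through SHA-256 so large binaries never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> Baseline:
    """Hash every regular file under root. Symlinks are skipped so a link cannot
    stand in for the file it points at."""
    baseline: Baseline = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare_baselines(expected: Baseline, current: Baseline) -> Dict[str, List[str]]:
    """Report what differs between a trusted baseline and a later snapshot."""
    modified = sorted(p for p in expected if p in current and expected[p] != current[p])
    added = sorted(p for p in current if p not in expected)
    removed = sorted(p for p in expected if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def run_demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline of a small 'bin' tree, then simulate a
    rootkit replacing one tool and dropping a hidden file, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        # Constructed stand-ins for system binaries (plain text, not real programs).
        with open(os.path.join(bindir, "ls"), "wb") as handle:
            handle.write(b"known-good ls contents\n")
        with open(os.path.join(bindir, "ps"), "wb") as handle:
            handle.write(b"known-good ps contents\n")

        baseline = build_baseline(root)  # recorded while the system is known-good

        # Simulated tampering: one tool is replaced, one hidden file appears.
        with open(os.path.join(bindir, "ls"), "wb") as handle:
            handle.write(b"altered ls contents\n")
        with open(os.path.join(bindir, "$sys$loader"), "wb") as handle:
            handle.write(b"constructed payload placeholder\n")

        return compare_baselines(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

Running the block prints the three categories; in the constructed scenario it reports bin/ls as modified and bin/$sys$loader as added, with nothing removed. A real deployment would store the baseline signed and off-box and run the comparison from trusted media, since a rootkit that controls the running kernel can lie to any checker executed on the compromised host.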