AMU Cyber & AI Opinion

Rootkits: The "Stealth" Malware on Your Computers

A rootkit – software that gives unauthorized users a way to obtain root/admin-level access to your computer – is designed to hide malware on that computer. The rootkit may go undetected by your antivirus and anti-malware software.

Malware hidden by a rootkit escapes detection by disguising itself as a normal file, so detection software passes over it. Malware (malicious software) is an overarching term that covers computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware and other malicious software.

How a Rootkit Enters Your Computer

Crackers (a malicious type of hacker) commonly install a rootkit on your computer. Once the rootkit is in place, they use it to turn ordinary user access into privileged access and to mask their other actions.

Users of infected computers may notice unusual activity on their devices and run a scan with their antivirus software. However, rootkits often remain undetected because they hide their own processes and files from the operating system, so the scanner never sees them.

Rootkits also undermine administrative control: they can strip the legitimate administrator of access and effectively dictate how your computer's operating system behaves. They fester deep within the system.

Three Common Rootkit Types

There are three common rootkit types:

  • Alureon – This Trojan software steals data from computer files considered confidential, such as passwords, usernames or credit card data. This software corrupts computers by changing critical files.
  • Sirefef – This Trojan software hides amongst useful files. It downloads and runs unauthorized files, contacts remote hosts and disables security features.
  • Rustock – This legacy Trojan software has multi-component rootkit backdoor capability as part of a family of rootkits. Its purpose is to distribute spam email. It has recently evolved and is now associated with rogue security software.

Removing Rootkits and Malware on Your Computer

Removing a rootkit is not easy; there is never a guarantee that the software has been truly erased. One technique you can use to detect a rootkit is to examine your computer's Random Access Memory for suspicious activity. Booting into safe mode is another option; you can also attempt to scan the computer before its operating system boots.
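Because a rootkit hides its processes from the operating system's own listing, one practical detection technique is a cross-view check: enumerate processes two different ways and flag anything that appears in one view but not the other. The Python example below is added here as an illustration and is not from the original article or from any of the vendors it names; it assumes a Linux host with a /proc filesystem, and the function names and the 32768 PID ceiling are choices made for this example.

```python
import os
import sys

# View 1: the process listing the operating system reports.
# This is what `ps` and most scanners read, and what a rootkit tampers with.
def pids_from_proc(proc="/proc"):
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

# View 2: probe the PID range directly with signal 0. kill() does not deliver
# a signal but still answers "does this PID exist?"; a process hidden from /proc
# is usually still addressable this way. PermissionError means the PID exists
# but belongs to another user, so it still counts as present.
def pids_from_signal_probe(max_pid=32768):  # ceiling chosen for this example
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)
    return found

# Cross-view difference: PIDs reachable by the probe but absent from the listing.
def hidden_pids(listed, probed):
    return sorted(probed - listed)

# Edge case: a process that exits between the two views shows up as a
# transient difference. Keep only candidates that are still probe-visible
# and still missing from the listing on a second pass.
def persistent_hidden(candidates, listed_again, probed_again):
    return [pid for pid in candidates
            if pid in probed_again and pid not in listed_again]

def cross_view_scan(max_pid=32768):
    candidates = hidden_pids(pids_from_proc(), pids_from_signal_probe(max_pid))
    if not candidates:
        return []
    return persistent_hidden(candidates, pids_from_proc(),
                             pids_from_signal_probe(max_pid))

if __name__ == "__main__":
    if not os.path.isdir("/proc"):
        sys.exit("This check needs a Linux-style /proc filesystem.")
    suspects = cross_view_scan()
    if suspects:
        print("PIDs present but hidden from the process listing:", suspects)
    else:
        print("No hidden processes found in the probed PID range.")
```

A persistent difference is a lead to investigate from a trusted environment (a clean boot medium or a memory image), not proof on its own; a rootkit that hooks the kernel's signal path as well can defeat this particular pair of views, which is why tools combine several independent views.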

If you suspect a rootkit on your PC, be sure to fully back up your data prior to removal attempts.

Other recommended actions include educating yourself about common rootkits and malware and gaining general knowledge about your PC. Pay attention when your computer behaves irregularly, such as slowing down or behaving in unexpected patterns.

Get software to “root out” rootkits and learn how to use it. Rootkit detection software is available from sources such as McAfee, Norton, BullGuard, Sophos, GMER, aswMBR and Kaspersky. Malwarebytes is also a free and widely used option.

Finally, the best approach to protecting your computer from rootkits and malware is to install good antivirus and anti-malware software as soon as you obtain the computer and to keep it current. This will minimize certain types of malware attacks.

Also, minimize the use of your devices by unknown individuals. Be vigilant when using free and publicly available Wi-Fi, which may permit unauthorized intrusion into your devices.
