Rootkits

The newest form of malware (malicious software) to be developed is called a rootkit. Rootkits are perceived by many experts to be more dangerous than other forms of malware because of the level of difficulty associated with removing them. A rootkit is a piece of malware designed to give an attacker "root" or administrative access to a victim's computer. With root access, an attacker can perform a variety of tasks on the computer including:
In many ways, a rootkit acts like a Trojan horse or spyware. One of the primary differences, however, is its ability to hide itself. It can do this by disguising the files associated with the infection or by changing registry entries to lead the operating system or other programs to recognize the rootkit as a normal file. This allows rootkits to hide themselves from anti-virus and anti-spyware software. Some rootkits have even been known to make configuration changes to the anti-virus software itself so that the malicious files are scanned as normal.

At least one form of software is using an attached rootkit to avoid detection by anti-spyware programs. This technique makes the already ubiquitous "Cool Web Search" even harder to locate and remove. You can read more about the Cool Web Search rootkits in this article on SecureFlorida.org.

Unfortunately, rootkits are so difficult to find and remove that in some cases the only way to remove them is to reinstall the operating system. If you believe you have been infected by a rootkit, Secure Florida recommends that you contact a computer support professional before reinstalling the operating system yourself.

More information about rootkits can be found at Wikipedia.com. Also read about The University of Connecticut's discovery of a rootkit on their system.
