
Rootkit:W32/Rootkit


First posted on 19 September 2009.
Source: SecurityHome

Aliases :

There are no other names known for Rootkit:W32/Rootkit.

Explanation :

A program or set of programs that hides itself by subverting or evading the computer's security mechanisms and then allows remote users to control the computer's operating system covertly.

Additional Details :

This is the Rootkit General Information page.

A rootkit is usually a standalone software component that attempts to hide processes, files, registry data and network connections. Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what were known as full-stealth viruses in the MS-DOS environment.

Typically, rootkit functionality is achieved with a kernel-mode driver. In this scenario the malware drops a driver file on disk and loads it into kernel space; once loaded, the driver is instructed to hide the malware's activity (its processes, files, registry data and network connections) from the rest of the system.

Some rootkits can also operate from user mode. In this case the malware usually drops a DLL file on disk and loads it into every process. In rare cases the rootkit needs no external files at all to operate.
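The hiding described in the two paragraphs above, whether done from a kernel driver or from a DLL loaded into every process, comes down to the same move: redirect a table entry or an API call to a wrapper that invokes the original and then removes the entries the malware wants hidden. The following block is an added example written for this page; it is not code from the original page or from any of the families the page names. It models the real system service table with a one-entry constructed dispatch table, installs a hook that strips process names beginning with a constructed prefix, and then runs the two checks anti-rootkit tools perform against exactly this technique: a cross-view diff between a trusted low-level view and the hooked API view, and an integrity check of the table against a known-good copy. The process names, prefix and table are all constructed and touch no real operating system structures.

```c
/*
 * Added illustration (not from the original page): a hypothetical dispatch
 * table whose "enumerate processes" entry is hooked so callers never see
 * names carrying a chosen prefix, plus the two checks an anti-rootkit tool
 * runs against it: a cross-view diff and a table-integrity check.
 * Everything here is constructed user-mode C; it touches no real OS tables.
 */
#include <stdio.h>
#include <string.h>

#define MAX_PROCS 8
#define NAME_LEN 32

/* Constructed "ground truth" list, standing in for the kernel's own records. */
static const char *g_true_procs[] = {
    "explorer.exe", "svchost.exe", "hxdef100.exe", "winlogon.exe", "hxdefdrv.exe"
};
#define TRUE_PROC_COUNT (sizeof g_true_procs / sizeof g_true_procs[0])

typedef int (*enum_fn)(char out[][NAME_LEN], int max);

/* Unhooked service: copies every record. Returns the count copied. */
static int enum_procs_original(char out[][NAME_LEN], int max) {
    int n = 0;
    for (size_t i = 0; i < TRUE_PROC_COUNT && n < max; i++) {
        strncpy(out[n], g_true_procs[i], NAME_LEN - 1);
        out[n][NAME_LEN - 1] = '\0';
        n++;
    }
    return n;
}

/* Stand-in for a system service table: entry 0 is "enumerate processes". */
static enum_fn g_service_table[1] = { enum_procs_original };
/* Known-good copy a detector would have recorded before infection. */
static const enum_fn g_service_table_known_good[1] = { enum_procs_original };

/* Rootkit side: the hook calls the original, then drops matching entries. */
static const char *g_hidden_prefix = "hxdef";   /* constructed prefix */

static int enum_procs_hooked(char out[][NAME_LEN], int max) {
    int n = enum_procs_original(out, max);
    int kept = 0;
    for (int i = 0; i < n; i++) {
        if (strncmp(out[i], g_hidden_prefix, strlen(g_hidden_prefix)) == 0)
            continue;                              /* hide this entry */
        if (kept != i) memcpy(out[kept], out[i], NAME_LEN);
        kept++;
    }
    return kept;
}

void install_hook(void) { g_service_table[0] = enum_procs_hooked; }
void remove_hook(void)  { g_service_table[0] = enum_procs_original; }

/* What an ordinary caller gets: whatever the table currently points at. */
int enum_via_table(char out[][NAME_LEN], int max) {
    return g_service_table[0](out, max);
}

/* Detector check 1: cross-view diff. Names present in the trusted view but
 * absent from the API view are being hidden. Returns how many were found
 * and copies their names into `hidden`. */
int cross_view_diff(char hidden[][NAME_LEN], int max) {
    char api_view[MAX_PROCS][NAME_LEN], trusted[MAX_PROCS][NAME_LEN];
    int n_api = enum_via_table(api_view, MAX_PROCS);
    int n_trusted = enum_procs_original(trusted, MAX_PROCS);
    int n_hidden = 0;
    for (int i = 0; i < n_trusted; i++) {
        int seen = 0;
        for (int j = 0; j < n_api && !seen; j++)
            seen = strcmp(trusted[i], api_view[j]) == 0;
        if (!seen && n_hidden < max)
            memcpy(hidden[n_hidden++], trusted[i], NAME_LEN);
    }
    return n_hidden;
}

/* Detector check 2: does the live table still match the known-good copy? */
int table_is_intact(void) {
    return g_service_table[0] == g_service_table_known_good[0];
}

int main(void) {
    char hidden[MAX_PROCS][NAME_LEN];
    install_hook();
    int n = cross_view_diff(hidden, MAX_PROCS);
    printf("table intact: %d, hidden entries: %d\n", table_is_intact(), n);
    for (int i = 0; i < n; i++) printf("  hidden: %s\n", hidden[i]);
    remove_hook();
    return 0;
}
```

The two checks fail in different ways, which is why detectors combine them. The cross-view diff only works while the detector's trusted view is gathered below the layer the rootkit hooked; a driver that hooks the lowest layer makes both views agree. The integrity check catches a modified table pointer regardless of what the hook does, but misses a rootkit that leaves the pointer alone and patches the target function's code instead, so real tools also compare the function bodies against the on-disk image.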

Examples of pure rootkits are Hacker Defender and FU. Some spyware/adware programs such as EliteToolbar, ProAgent, and Probot SE also use rootkit techniques. Some Trojans such as Haxdoor, Berbew/Padodor and Feutel/Hupigon, and also some worms, e.g. Myfip.h and the Maslan family, can also utilize rootkit functions.

Last update 19 September 2009
