Rootkits are a malware inventor’s dream: They are created to allow worms, bots, and other malevolent software to hide in plain sight. Rootkits are designed to hide themselves from detection by users and security programs, so they don’t show up in Windows Explorer, their running processes don’t display in the Task Manager, and many antivirus programs can’t find rootkit-hidden malware. That is precisely why malware writers increasingly use them to hide malware.
A rootkit is a special program that buries itself deep in an operating system (like Microsoft Windows) for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys, and it can be used to create a hidden directory or folder designed to keep it out of view of a user’s operating system and security software.
Attackers can then use the rootkit to hide their malicious software, which can range from spyware to keylogger software that can steal sensitive information from users’ computers. Rootkits can allow criminals to remotely monitor, record, modify, steal and transfer any information entered or stored on a user’s computer, disabling some PC firewalls and evading some traditional security products at will.
Rootkits often bury themselves via other computer infections and then modify the operating system of the infected PC. They are often almost undetectable and extremely difficult to remove. Detecting a rootkit on a Windows PC is not unlike shining a flashlight at objects in a darkened room, and then trying to identify each object by the shadow it casts on the wall.
Rootkits are rapidly becoming more prevalent, more virulent and more sophisticated, security experts warn. The complexity of rootkits is growing at a phenomenal rate, allowing malicious software to burrow deep and potentially go undetected inside Microsoft’s Windows platform. Rootkits have grown over the past five years from 27 components to 2,400, according to a report from April 2007.
This means that there are more ways attackers can use these components to hide their malware, and it means that the use of rootkits is increasing. One security company recorded a 62 percent annual increase in rootkit activity in 2006 and predicted an increase of around 40 percent in 2007. Another security company that surveyed 291,000 users in October 2007 warned that increasing numbers of PC users are falling victim to rootkit infections.