A rootkit is a type of malware that can hide the existence of certain processes or programs.
These processes or programs can evade normal methods of detection. If your computer is infected with a rootkit, the rootkit will reload itself each time your computer is restarted.
If an attacker can gain root or Administrator access, they can install a rootkit. This access can be gained by exploiting a known vulnerability, acquiring a password, or by social engineering. Emails with attachments are one of the most common attacks. A seemingly innocent attachment can carry a dangerous payload. Once the malware is installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Most rootkits disable or circumvent software that might otherwise be used to detect them.
A ‘clean boot’ and scan, or a reinstallation of the operating system, may sometimes be the only available solution to this type of infection.