“Rootkits are newer than other types of malware. They did not appear until around 1990. A rootkit is a type of malware that modifies or replaces one or more existing programs to hide traces of attacks. Although rootkits commonly modify parts of the operating system to conceal traces of their presence, they can exist at any level—from a computer’s boot instructions up to the applications that run in the operating system. Once installed, rootkits provide attackers with easy access to compromised computers to launch additional attacks. Rootkits exist for a variety of operating systems, including Linux, UNIX, and Microsoft Windows. Because there are so many different types of rootkits, and because they effectively conceal their existence once installed on a machine, they can be difficult to detect and remove. Even so, identifying and removing rootkits is crucial to maintaining a secure system. A host-based IDS can help detect rootkit activity; however, if you do detect a rootkit on your system, the best solution is often to restore the operating system from the original media. This requires rebuilding and restoring user and application data from backups, assuming these exist. This becomes more difficult if you have not completely documented the system. Preventing unauthorized access, which can enable an attacker to install a rootkit, is far more effective than attempting to remove an installed rootkit.” (Kim and Solomon, 2012)
Kim, D. and Solomon, M. (2012). Fundamentals of Information System Security. Jones & Bartlett Learning. eText ISBN-10: 1-4496-4248-9.
Image Provided by Veracode.