- Application Security Basics
- Agile Security
- App Security Testing
- Application Control Audit
- Application Protection
- Application Security Assessment
- Application Security Best Practices
- Application Security Risk
- Application Security Tools
- Application Testing Tool
- Automated Web Testing
- Automated Penetration Testing Tools
- Black Box Analysis
- Blackbox Test
- Black Box Testing
- Blackbox Testing Techniques
- Cloud-based Security
- Code Review Tools
- Code Security Analysis
- CWE
- DAST Test
- Data Breach
- Data Loss Prevention Guide
- Data Security
- Ethical Hacking
- Gray Box Testing
- IAST
- Mobile app security testing
- Network security tools
- Open Source Risk
- OWASP Testing Tools
- OWASP Top 10
- Penetration Testing
- SaaS Application Security
- SaaS Application Monitoring
- SDLC Agile
- Secure Applications
- Security Review Software
- Software Audit
- Software Code Security
- Software Security
- Software Testing
- Software Testing Process
- Software Testing Tools
- Source Code Analysis
- Source Code Security Analyzer
- Static Analysis
- Static Code Analysis
- Third-Party Risk Assessment
- Unit Testing
- Vulnerability Assessment
- Vulnerability Assessment Software
- Vulnerability Management
- Vulnerability Scanning Tools
- Web App Penetration Testing
- Web Application Audit
- Web Application Monitoring
- Web Application Scanning
- Web Application Security Testing
- Web Application Testing
- Web Application
- Web application scanner
- Web pen testing
- What is Third-Party Software?
- AppSec Policies
- Advanced Application Security
- Agile Software Development Lifecycle
- Agile SDLC
- Android Security
- DAST Assessment
- DevOps Security
- DevOps Testing
- DevSecOps
- JavaScript Security
- Linux Hacking
- Microservices
- Mobile App Testing
- Ruby Security
- Secure Development
- Secure DevOps
- Secure Web Application Development
- Software Development Lifecycle (SDLC)
- Web Application Penetration Testing
- Development
- Web Application Flaws & Vulnerabilities
- Application Vulnerability
- ARP Spoofing
- Buffer Overflow
- Computer Worm
- Credentials Management Flaws
- CRLF Injection
- Cross Site Scripting Prevention
- Cross Site Scripting Vulnerability
- Cross-Site Request Forgery
- Cross-Site Scripting
- CSRF Token
- Directory Traversal
- Encapsulation
- Error Handling Flaws
- Failure to Restrict URL Access
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
- Keylogger
- LDAP Injection
- Malicious Code
- Man in the Middle Attack
- Mobile Code Security
- Open Source Vulnerabilities
- OS Command Injection
- PHP SQL injection test
- Preventing XSS
- Race Condition
- Reflected XSS
- Rootkit
- Session management
- Spoofing Attack
- Spyware
- SQL Injection Scanner
- SQL Attacks
- SQL Injection .NET
- SQL cheat sheet
- SQL Injection
- SQL Injection Java
- What is a worm
- What is SQL Injection
- Remediation Guidance
- Miscellaneous
APPLICATION SECURITY
Knowledge Base
Search Our Knowledge Base
AppSec Knowledgebase Categories >
Home AppSec Knowledgebase Rootkit: What is a Rootkit?
Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software
What Is a Rootkit?
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes.
What Can a Rootkit Do?
A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.
State of Software Security 2023
Rootkit Detection
It is difficult to detect rootkits. There are no commercial products available that can find and remove all known and unknown rootkits. There are various ways to look for a rootkit on an infected machine. Detection methods include behavioral-based methods (e.g., looking for strange behavior on a computer system), signature scanning and memory dump analysis. Often, the only option to remove a rootkit is to completely rebuild the compromised system.
Rootkit Protection
Many rootkits penetrate computer systems by piggybacking with software you trust or with a virus. You can safeguard your system from rootkits by ensuring it is kept patched against known vulnerabilities. This includes patches of your OS, applications and up-to-date virus definitions. Don't accept files or open email file attachments from unknown sources. Be careful when installing software and carefully read the end-user license agreements.
Well-Known Rootkit Examples
- Lane Davis and Steven Dake - wrote the earliest known rootkit in the early 1990s.
- NTRootkit – one of the first malicious rootkits targeted at Windows OS.
- HackerDefender – this early Trojan altered/augmented the OS at a very low level of functions calls.
- Machiavelli - the first rootkit targeting Mac OS X appeared in 2009. This rootkit creates hidden system calls and kernel threads.
- Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE PBX.
- Zeus, first identified in July 2007, is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
- Stuxnet - the first known rootkit for industrial control systems
- Flame - a computer malware discovered in 2012 that attacks computers running Windows OS. It can record audio, screenshots, keyboard activity and network traffic.