Cyber Security

What is a rootkit? And how to stop them

Computer viruses and other malware are real threats. And rootkit might be the most dangerous, both in the damage they can cause and the difficulty you might have in finding and removing them.

Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cyber criminals the ability to remotely control your computer.

Rootkits can contain a number of tools, ranging from programs that allow hackers to steal your passwords to modules that make it easy for them to steal your credit card or online banking information. Rootkits can also give hackers the ability to subvert or disable security software and track the keys you tap on your keyword, making it easy for criminals to steal your personal information.

Because rootkits can hijack or subvert security software, they are especially hard to detect, making it likely that this type of malware could live on your computer for a long time causing significant damage. Sometimes the only way to completely eliminate a well-hidden rootkit is to erase your computer’s operating system and rebuild from scratch.

How do rootkits get on your computer? You might open an email and download a file that looks safe but is actually a virus. You might also accidentally download a rootkit through an infected mobile app.

Here is a look at the different types of rootkits and how you can help protect against them.

Types of rootkits

Here are five types of rootkits.

1. Hardware or firmware rootkit

The name of this type of rootkit comes from where it is installed on your computer. This type of malware could infect your computer’s hard drive or its system BIOS, the software that is installed on a small memory chip in your computer’s motherboard. It can even infect your router. Hackers can use these rootkits to intercept data written on the disk.

2. Bootloader rootkit

Your computer’s bootloader is an important tool. It loads your computer’s operating system when you turn the machine on. A bootloader toolkit, then, attacks this system, replacing your computer’s legitimate bootloader with a hacked one. This means that this rootkit is activated even before your computer’s operating system turns on.

3. Memory rootkit

This type of rootkit hides in your computer’s RAM, or Random Access Memory. These rootkits will carry out harmful activities in the background. The good news? These rootkits have a short lifespan. They only live in your computer’s RAM and will disappear once you reboot your system — though sometimes further work is required to get rid of them.

4. Application rootkit

Application rootkits replace standard files in your computer with rootkit files. They might also change the way standard applications work. These rootkits might infect programs such as Word, Paint, or Notepad. Every time you run these programs, you will give hackers access to your computer. The challenge here is that the infected programs will still run normally, making it difficult for users to detect the rootkit.

5. Kernel mode rootkit

These rootkits target the core of your computer’s operating system. Cybercriminals can use these to change how your operating system functions. They just need to add their own code to it. This can give them easy access to your computer and make it easy for them to steal your personal information.

How to defend against rootkits

Because rootkits are so dangerous, and so difficult to detect, it’s important to exercise caution when surfing the internet or downloading programs. There is no way to magically protect yourself from all rootkits.

Fortunately, you can increase your odds of avoiding these attacks by following the same common-sense strategies you take to avoid all computer viruses, including these.

Don’t ignore updates

Updates to your computer’s applications and operating system can be annoying, especially when it seems as if there’s a new update for you to approve every time you turn on your machine. But don’t ignore these updates. Keeping your operating systems, antivirus software, and other applications updated is the best way to protect yourself from rootkits.

Watch out for phishing emails

Phishing emails are sent by scammers who want to trick you into providing them your financial information or downloading malicious software, such as rootkits, onto your computer. Often, these emails will look like they come from a legitimate bank or credit card provider. These messages may state that your account is about to be frozen or that you need to verify your identity. The messages will also ask that you click on a link.

If you do, you’ll be taken to a fake website. Once there, you might accidentally download a rootkit to your computer.

The lesson? Never click on any links supposedly sent from a financial services company. If the message is supposedly coming from a company with which you have no accounts, delete them. If the message comes from a company you do business with, log into your online account or call the company. If there’s really a problem, it should show up on your online account or a customer-service representative will confirm it.

Be careful of drive-by downloads

Drive-by downloads can be especially troublesome. These happen when you visit a website and it automatically installs malware on your computer. You don’t have to click on anything or download anything from the site for this to happen. And it’s not just suspicious websites that can cause this. Hackers can embed malicious code in legitimate sites to cause these automatic downloads.

The best way to help protect yourself? Approve updates to your computer’s software quickly. Set your operating system, browsers, and all applications to install updates automatically so that your computer systems will always have the most up-to-date protections in place.

Don’t download files sent by people you don’t know

Be careful, too, when opening attachments. Don’t open attachments sent to you by people you don’t know. Doing so could cause a rootkit to be installed in your computer.

If you receive a suspicious attachment? Delete the email message immediately.

Concerned about your security? Contact us now.

used with permission from Norton by Symantec
by Dan Rafter

Bryan Antepara

Bryan Antepara: IT Specialist Bryan Antepara is a leader in Cloud engagements with a demonstrated history of digital transformation of business processes with the user of Microsoft Technologies powered by the team of eMazzanti Technologies engineers. Bryan has a strong experience working with Office 365 cloud solutions, Business Process, Internet Information Services (IIS), Microsoft Office Suite, Exchange Online, SharePoint Online, and Customer Service. He has the ability to handle the complexity of moving data in and out of containers and cloud sessions, makes him the perfect candidate to help organizations large and small migrate to new and more efficient platforms.  Bryan is a graduate of the University of South Florida and is Microsoft Certification holder.

Recent Posts

Top 5 Collaborative Tools in Microsoft 365 Drive Productivity and Innovation

In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…

3 days ago

7 Essential Contact Information Tips for Email Signatures to Enhance Your Professional Image

An email signature accomplishes much more than simply telling readers who you are and how…

1 week ago

Maximizing Threat Response Efficiency with Security Copilot

Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…

2 weeks ago

Why should a firm use DMARC? What is the need?

Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is an e-mail security protocol designed to validate…

3 weeks ago

eCare Cloud Backup is in fashion. It’s the new you!

My job is to manage my law office’s cloud servers here at Justice Freaks.  As…

4 weeks ago

I Think I’m Dating an AI

My worst nightmare would be to date someone who isn’t who they say they are.…

4 weeks ago