Rootkits might be some of the most dangerous malware because of their ability to go undetected. With the ability to remain hidden, rootkits enable a cybercriminal to remotely control your computer and steal sensitive information like your credit card or online banking credentials. Here’s a detailed look at how rootkits work and how you can protect yourself and your PC.
What is a rootkit?
A combination of the two words, “root” and “kit”, rootkits were originally a collection of tools that enabled administrator access to a computer or network. “Root” refers to the administrator account on Unix and Linux systems, while “kit” refers to the software components designed to take control of a PC without the user knowing. Nowadays, rootkits are considered a type of malware like trojans or worms.
In theory, a rootkit is not necessarily harmful, but what makes it dangerous is that it hides its activities and those of other malware. For example, a rootkit can hide a keylogger that records your keystrokes and secretly sends passwords and other confidential information over the Internet. A rootkit can also allow criminals to use your computer for illegal purposes, such as DDoS attacks or to send mass spam. So, it’s best to think of a rootkit as a kind of cloak of invisibility for other malicious programs.
Types of rootkits
Although rootkits have been around for several decades, they’re continually evolving, becoming increasingly difficult to detect. Some of the most well-known malware families utilize rootkits to avoid detection and removal. For example, Sirefef, Rustock, Cutwail, and the Alureon and Sinowal trojans. Below are examples of some specific types of rootkits:
Kernel mode rootkits target your computer’s core operating system in order to change how it functions. By adding their own code, cybercriminals can gain access to your computer for easy access to your personal information.
Hardware or firmware rootkits are named for where it is installed on your computer. Instead of targeting your operating system, it goes after the software that runs certain hardware components. It can affect your hard drive, the system BIOS, or even your router in order to intercept data written on the disk.
Bootloader rootkits attack your computer’s bootloader and replacing it with a hacked one. This makes it especially dangerous as it’s activated even before you turn on your computer’s operating system.
Memory rootkits hide in the RAM of your computer and will carry out damaging activities in the background.
Application rootkits replace standard files and might change the way standard applications function. They can infect various programs and each time one is run you give the cybercriminal access to your computer.
How can a rootkit be detected?
Detecting a rootkit is quite challenging and, in some instances, they can go undetected even if you know one is hiding on your PC. This is because the extended rights allow rootkits to start before all other programs, including an antivirus program. In doing so it can manipulate processes or exchange data via applications and system services, covering its tracks and avoiding detection by virus scanners. Even very good antivirus solutions sometimes struggle with detecting modern rootkits. Avira Antivirus Pro, however, has a special rootkit scan, which is part of its “complete scan”.
Keeping an eye on how your computer is performing is also important. If it suddenly slows down or certain processes or programs are not functioning properly there is a good chance your computer could be infected with a rootkit or other malware.
How to protect yourself against rootkit malware
Detecting rootkits is a challenge, so of course, the best defense is not to let a rootkit onto your computer, to begin with. Many people have it in mind that they don’t need any protections as there is nothing on their computer a cybercriminal would want. Unfortunately, that’s not the case, cybercriminals are interested in everyone’s data thus the need for powerful antivirus protection that will help protect against malware. Once you have an anti-malware program running that will act as the first protective barrier, then make sure to follow these additional tips below to protect your computer from rootkit malware.
Don’t delay updates
Keep your programs, apps, and operating system up to date to ensure you are running a version with the latest security patches. Either use a software updater or manually set your operating system, browsers, and all apps to automatically install updates.
Be careful of what you download
An important rule of thumb is to only download software from trusted sources to avoid downloading any tag-along malware. Also, pay attention when opening or downloading attachments from emails. It’s best practice to not download any attachments from unknown senders as this could also cause a rootkit to install itself on your computer.
Avoid phishing scams
Be alert for phishing emails that try and trick you into clicking on a link leading you to a fake website where you could accidentally download a rootkit to your computer. Common email phishing scams often impersonate a financial institution like a bank or credit card company. If you don’t recognize the company name, just delete the email. If it comes from an institution where you have an account, go directly to their website to find a legitimate contact to confirm whatever information you have received.
Regularly scan your computer for viruses
Running regular scans of your antivirus program is highly recommendable. There is always the chance you can catch malware that was downloaded but not yet executed from damaging your computer. You can read more about how often you should scan your computer in this blog article that also includes helpful tips direct from threat researchers from the Avira Protection Labs.
This post is also available in: German