A rootkit is a collection of software tools that cybercriminals can use to gain all the privileges (administrator rights) of a computer or network without being detected.
“Root” is the term for the administrator in certain operating systems, that is, the user who holds all authorizations. A rootkit is meant to give a cybercriminal all the privileges of the root user. There are now rootkits for almost all operating systems, even those where the administrator is not called “root”; the operating principle is nevertheless the same.
Because rootkits give cybercriminals administrator privileges, compromised systems can be used for many kinds of cyber incidents: spying on the computer or its network, stealing documents and passwords, launching further attacks on new targets, and DDoS attacks.
Rootkits are programmed to cover their digital tracks, because cybercriminals want to hide the rootkit's existence from the legitimate users of the compromised system. Rootkits cannot spread on their own; other malicious programs (malware), e.g. infected email attachments, are used for this purpose. Rootkits are essentially malware. In the field of copy protection, companies such as Sony have also used rootkit technology. They came under criticism for this, because the mere presence of a rootkit in a system represents a security gap.
Because rootkits can penetrate very deeply into the compromised system, they are very difficult to detect and remove. Even very good antivirus programs can be deceived by rootkits.
Since rootkits are designed to be as inconspicuous as possible, you will hardly encounter them in your everyday work – even if your computer is infected. More likely, you will learn about a scandal in which companies have used the technology of rootkits.
Many cyber risk reduction measures also reduce the risk of a rootkit being installed on your computer or system. Since rootkits can be transmitted via strategically placed “forgotten” USB sticks, among other things, it is very important to raise employee awareness. Detecting and removing existing rootkits is complex; discuss this specifically with your IT department.