Rootkits
Note: This article was written several years ago and some information may be out of date.
There are plenty of security threats to your computer and your personal information: viruses, spyware, adware . . . and now rootkits. Actually, rootkits are nothing new; they have been around at least since the early nineties, when they first appeared on Unix systems (the "root" in the name is the Unix administrator account). But they only came into the limelight after the big Sony snafu. ((UPDATE: 9-25-2007) And now another Sony scandal! You would think they would have learned a lesson the first time...) If you haven't heard about it by now, just do a Google search for "Sony rootkit"; there are plenty of pages out there that explain it, so I won't go into great detail about it here. Suffice it to say that if you have played a Sony music CD on your PC that required the installation of additional software to play it, you very likely have a rootkit on your computer.
What is a rootkit?
A rootkit is a set of software programs installed after an attacker (or a piece of malware) has already obtained root or administrator privileges on the computer. It is used to (1) perform unauthorized functions, (2) hide its own existence, and (3) keep exploiting that system-wide access. The rootkit itself does not usually cause any damage to the computer system; its job is to hide the presence of other programs (like Trojan horses and spyware) and the attacker's continued access.
Rootkits are particularly difficult to find because you can't depend on your operating system to show you what is really there. A rootkit generally hooks or patches the system components that list files, processes and registry keys, so the OS shows you only what the rootkit wants you to see, and antivirus and antispyware programs that rely on those same listings cannot be counted on to find it. That is why dedicated rootkit scanners take a different approach: they compare what the normal system calls report against what they find by reading the disk or memory directly (a "cross-view" check), or they scan from a clean boot (a rescue CD) where the rootkit is not running. ((UPDATE: 8-29-2009) A good antivirus program like avast has a built-in rootkit detector that checks for suspicious rootkit-type behavior each time the computer boots.)
So there are three problems to overcome in the fight against this threat. The first is to find out whether you have a rootkit on your system, the second is removing the rootkit, and the third is finding and removing whatever malicious software the rootkit was hiding.
How do I know if I have one?
The good news is that there are downloadable tools for checking your system for a rootkit. Some of the scanners available for Windows are:
avast antivirus
RootkitRevealer from Sysinternals
Blacklight from F-Secure
Panda AntiRootkit
As rootkits become more advanced, these detection tools will have to improve to keep pace with them, and other security companies will likely release their own rootkit scanners.
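The scanners listed above work on the cross-view principle: RootkitRevealer, for example, compares what the Windows API reports with what it finds by parsing the file system and registry hives directly, and reports anything that shows up in one view but not the other. The same idea carries over to processes. Below is an added example (not code from the original article or from any of the tools named above) that applies it on Linux: a rootkit that hooks the directory listing of /proc can make ps and top lie, but the kernel's kill(pid, 0) probe does not go through that listing, so a PID that answers the probe yet never appears in the listing is a discrepancy worth reporting. It assumes a Linux system with procfs mounted; the pid_max path and the 32768 fallback are standard Linux defaults, not values taken from the article.

```python
"""Cross-view detection of hidden processes on Linux (added example, not from the
original article). High-level view: the /proc directory listing, which ps and top
use. Low-level view: kill(pid, 0), which asks the kernel directly about each PID."""
import os
from typing import Dict, Optional, Set

PROC = "/proc"                         # assumed: procfs is mounted here (Linux default)
PID_MAX_FILE = "/proc/sys/kernel/pid_max"


def listed_pids() -> Set[int]:
    """High-level view: PIDs as the (possibly hooked) directory listing reports them."""
    if not os.path.isdir(PROC):
        return set()
    return {int(e) for e in os.listdir(PROC) if e.isdigit()}


def probe_pid(pid: int) -> bool:
    """Low-level view: ask the kernel whether the PID exists. EPERM (another user's
    process) still means the process is there, so it counts as alive."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True


def thread_group_id(pid: int) -> Optional[int]:
    """Return Tgid from /proc/<pid>/status, or None if the path cannot be read.
    kill(tid, 0) also succeeds for thread IDs, and threads are never listed as
    top-level /proc entries, so without this check every multithreaded process
    on the box would be reported as a hidden process."""
    try:
        with open(f"{PROC}/{pid}/status", "r") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:                     # ENOENT, ESRCH (exited mid-read), EACCES
        return None
    return None


def pid_max(default: int = 32768) -> int:
    """Upper bound of the PID space; modern kernels often allow far more than 32768."""
    try:
        with open(PID_MAX_FILE, "r") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return default


def find_hidden_pids(max_pid: Optional[int] = None) -> Dict[str, Set[int]]:
    """Report PIDs that answer kill(pid, 0) but are absent from the /proc listing
    both before and after the probe. Two snapshots absorb ordinary process churn;
    a re-probe at the end drops processes that simply exited while we were looking."""
    empty: Dict[str, Set[int]] = {"visible": set(), "hidden": set(), "threads_skipped": set()}
    if not os.path.isdir(PROC):
        return empty                    # the cross-view needs both views; no procfs, no verdict
    limit = max_pid if max_pid is not None else pid_max()
    before = listed_pids()
    alive = {pid for pid in range(1, limit + 1) if probe_pid(pid)}
    after = listed_pids()
    visible = before | after
    hidden: Set[int] = set()
    threads: Set[int] = set()
    for pid in alive - visible:
        tgid = thread_group_id(pid)
        if tgid is not None and tgid != pid:
            threads.add(pid)            # a thread of some process, not a hidden process
        elif probe_pid(pid):            # still alive after classification: genuine discrepancy
            hidden.add(pid)
    return {"visible": visible, "hidden": hidden, "threads_skipped": threads}


if __name__ == "__main__":
    report = find_hidden_pids()
    print(f"{len(report['visible'])} PIDs listed, "
          f"{len(report['threads_skipped'])} thread IDs skipped")
    for pid in sorted(report["hidden"]):
        print(f"HIDDEN: pid {pid} answers kill(pid, 0) but is missing from {PROC}")
```

On a clean machine the hidden set is empty. A non-empty result is a lead, not a verdict: re-run it, then look at the suspect PID from a rescue boot or with a memory-forensics tool, because a rootkit that hooks kill() as well as readdir() will defeat this particular pair of views, which is why real scanners compare several independent views rather than one.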
How do I get rid of a rootkit?
(Edited: 9-25-2007) The last scanner mentioned above - Panda - is the one I have been using recently with very good results removing rootkits. The important thing is to remove any rootkits first, THEN run antivirus and antispyware programs to check for any items that were hidden by the rootkit.
Most security experts agree that rootkits are still rare compared to viruses and spyware, but that could change in the next year or two as the rootkit technology advances and virus writers begin using them as part of their program packages to hide their presence. (Edited: 9-25-2007) In the last year since I wrote the initial article, I have seen an increase in the number of rootkits hiding a virus.