Rootkits – All That You Ever Wanted to Know About Them

Simple as the name sounds, the infection is complex. Rootkits are programs installed on a computer that give someone administrator-level access to the system without the knowledge or consent of the end user. Basically, rootkits allow a person other than the user to control the computer administratively.

Rootkits have two main functions:

• Remote control through back door
• Software eavesdropping

Because rootkits give a third party administrative control, legitimate or otherwise, that remote party can execute files, read logs, monitor user activity and even change the computer's configuration. Rootkits are considered malware, but the fact is that, left to themselves, they are not malicious at all.

Propagation of Rootkits
Contrary to popular belief, rootkits can’t propagate on their own. Rather, they have to be part of what is called a ‘blended threat’. A blended threat has three parts: a dropper, a loader and the rootkit itself.

The dropper is what starts the installation process. When someone activates the dropper, it launches the loader program and then deletes itself. The loader program then causes a buffer overflow and loads the rootkit into system memory.

From there, rootkits spread through social-engineering channels such as instant messaging, or through rich-content files such as PDF documents.

Types of Rootkits

User-mode Rootkit
These are the ones that run on a computer with administrative privileges. They can alter security mechanisms and hide processes, files, network ports, system drives and services. A user-mode rootkit copies the files it needs onto the hard drive and launches them automatically on every system reboot, which keeps it installed on the infected computer.
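The hiding described above is what defenders look for with a cross-view check: enumerate processes two different ways and compare the results, because a rootkit that filters one view rarely filters all of them. The script below is an added example written for this article, not code from the original page. It compares the PIDs visible in a Linux `/proc` listing (including thread IDs under `/proc/<pid>/task`) with the PIDs that answer to `kill(pid, 0)`, and reports those present in the second view but absent from the first. The `DEFAULT_PID_MAX` cap and the function names are assumptions made for this example; on a real host, read `/proc/sys/kernel/pid_max` for the true upper bound.

```python
import os

# Assumed probe ceiling for this example; real hosts may use a much larger
# pid_max, which the probe reads from /proc when the caller does not override it.
DEFAULT_PID_MAX = 32768


def list_proc_pids():
    """Normal view: numeric entries under /proc, plus thread IDs under
    /proc/<pid>/task so that threads are not reported as hidden processes."""
    ids = set()
    try:
        names = os.listdir("/proc")
    except OSError:
        return ids  # not a Linux host; caller decides what to do
    for name in names:
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task") if t.isdigit())
        except OSError:
            pass  # process exited between the two listings
    return ids


def probe_pids(pid_max=None):
    """Independent view: signal 0 delivers nothing but reports whether the
    PID exists. EPERM still means the PID exists (owned by another user)."""
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read().strip())
        except (OSError, ValueError):
            pid_max = DEFAULT_PID_MAX
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except PermissionError:
            found.add(pid)
        except ProcessLookupError:
            pass
    return found


def hidden_pids(listed, probed):
    """Cross-view diff: PIDs that exist according to kill(pid, 0) but are
    missing from the /proc listing. Pure function so it can be unit-tested
    on constructed data."""
    return sorted(probed - listed)


def confirm_hidden(candidates, listed_view=list_proc_pids, rounds=3):
    """Short-lived processes produce false positives, so re-check each
    candidate a few times; only PIDs that keep existing while staying out
    of the listing are reported."""
    confirmed = set(candidates)
    for _ in range(rounds):
        listed = listed_view()
        still = set()
        for pid in confirmed:
            if pid in listed:
                continue
            try:
                os.kill(pid, 0)
                still.add(pid)
            except PermissionError:
                still.add(pid)
            except ProcessLookupError:
                pass
        confirmed = still
    return sorted(confirmed)


if __name__ == "__main__":
    if not os.path.isdir("/proc"):
        raise SystemExit("this check needs a Linux /proc filesystem")
    suspects = hidden_pids(list_proc_pids(), probe_pids(DEFAULT_PID_MAX))
    print("hidden after re-check:", confirm_hidden(suspects))
```

A clean host prints an empty list. A non-empty result is a lead, not a verdict: PID namespaces, sandboxes and very short-lived processes can all produce a PID that one view misses, so confirm the finding with a second method (for example a tool that reads kernel structures directly) before treating the host as compromised.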

Kernel-mode Rootkit
Rootkits running in user mode can be detected by software running in kernel mode. Hence the invention of kernel-mode rootkits! A kernel-mode rootkit takes over the operating system directly and takes the infection to a new level. One flipside of kernel-mode rootkits, however, is that they are unstable.

User-mode/Kernel-mode Hybrid Rootkit
This type combines the ease and stability of user-mode rootkits with the stealth of kernel-mode rootkits, and is more popular than either of the former two.

Firmware Rootkits
These rootkits can be of any type, with the added advantage of hiding in firmware while the computer is shut down and reinstalling themselves every time the computer is restarted. The most intriguing feature is that even if detection software identifies and removes one, it comes back whenever the computer is switched on again.

Virtual Rootkits
They are almost invisible and behave like a software implementation of the underlying hardware. However, because of their complexity, the other kinds are preferred over virtual rootkits.

Symptoms of Rootkit Infection
The most frustrating thing about rootkits is that they are difficult to detect, and even experts have a hard time locating them. Here are some symptoms that may hint that your system has been infected.

• The computer gets locked or fails to respond to inputs from the mouse or keyboard
• Windows’ settings change without notice
• Web pages fail to function effectively because of excessive traffic

There are a variety of removal tools on the market, and how easily your computer can be cleaned depends on the sophistication of the rootkit.
Maneet Puri is the managing director of LeXolution IT Services, a reputed web development company based in India. He leads his team of custom web designers to create powerful websites for their clients.



Site maintained by Bela Black c/o Midnight Publishing Group, Inc.