Kaspersky Internet Security Center

The Rootkit Virus: What It Is, What It Does, and How to Avoid It


Malware has evolved far beyond old-school computer viruses and worms. Malicious software these days is more diverse, complex and destructive than ever. The rootkit is a key example. Despite the popular name "rootkit virus", a rootkit is not strictly a virus, since it does not need to copy itself from machine to machine; it is a bundle of tools whose job is to keep an attacker's privileged access hidden. It may hide in the registry, in a kernel driver, in the BIOS or other firmware, or somewhere else deep within your system, and the longer it goes undetected, the harder its damage is to undo.

How a Rootkit Works

The name comes from "root", the Unix superuser account, and "kit", the set of tools: a rootkit is installed with the highest privileges on the operating system, and that position is what lets it operate in stealth mode. A kernel-mode rootkit runs at the same privilege level as the operating system itself, so it can intercept the very system calls that antivirus software and administrative tools use to list files, processes, network connections and registry keys. Those tools then see only what the rootkit lets them see, which makes this type of malware incredibly difficult to detect from inside the infected system. From the core of the system it can cause direct harm to the target machine: stealing data, for example, or giving the attacker complete control, all without the user or even an administrator noticing a thing.

A rootkit is designed to change how the operating system reports on applications and processes, essentially rendering the system blind to the infection. It typically begins by modifying critical system components such as configuration files, daemons, drivers, or the tables the kernel uses to dispatch system calls, so that the rootkit's own files and processes are filtered out of everything an antivirus scanner asks for. Some of its most severe damage comes from backdooring the authentication path, for instance with a patched login program or a hooked credential check, so that the attacker's secret password keeps working even after an administrator has changed every legitimate password. At this point the attacker has command of the system from virtually anywhere.
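The practical consequence of the hooking described above is that a single source of truth can no longer be trusted, so detection has to compare views. Below is an added example (not code from the original article or from Kaspersky) of the classic cross-view check on Linux: the "API view" is what listing /proc returns, which is exactly the path a readdir or getdents hook filters; the "raw view" probes every possible PID directly with kill(pid, 0) and by opening /proc/<pid>/status by explicit path. A PID that answers the probes but is missing from the listing is a candidate for a hidden process. The scan limit of 65536 in self_visible() is an assumption made to keep the demo fast; a real scan should run to the value in /proc/sys/kernel/pid_max, which find_hidden() does by default.

```python
"""Cross-view detection of hidden processes on Linux (added example).

A rootkit that hooks the directory-listing path (getdents/readdir, whether
through an LD_PRELOAD shim or a kernel hook) makes `ps` and `ls /proc` skip
its PIDs, but it rarely hooks every other way of reaching a process. Comparing
the listing against a brute-force probe of every PID exposes the gap.
Assumes a Linux procfs mounted at /proc.
"""
import os

PROC = "/proc"


def api_view():
    """PIDs as the (possibly hooked) listing path reports them."""
    return {int(name) for name in os.listdir(PROC) if name.isdigit()}


def _tgid(pid):
    """Thread-group id from /proc/<pid>/status, or None if unreadable.

    The file is opened by explicit path, so a readdir hook cannot filter it;
    even unlisted thread IDs resolve this way on Linux.
    """
    try:
        with open(f"{PROC}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def probe(pid):
    """Raw-view membership test for one PID without listing /proc.

    kill(pid, 0) delivers no signal; EPERM still proves the PID exists.
    Thread IDs answer the probes too, so non-leader threads (Tgid != pid)
    are dropped to avoid false positives. A PID that is alive but whose
    status file cannot be opened is kept: that combination is itself odd.
    """
    alive = False
    try:
        os.kill(pid, 0)
        alive = True
    except ProcessLookupError:
        pass
    except PermissionError:
        alive = True
    tgid = _tgid(pid)
    if tgid is not None:
        return tgid == pid
    return alive


def raw_view(limit=None):
    """Every PID from 1 to limit (default: kernel pid_max) that probes alive."""
    if limit is None:
        with open(f"{PROC}/sys/kernel/pid_max") as fh:
            limit = int(fh.read())
    return {pid for pid in range(1, limit + 1) if probe(pid)}


def hidden_pids(api, raw):
    """Pure comparison: PIDs the raw probes found but the listing omitted."""
    return set(raw) - set(api)


def find_hidden(limit=None):
    """Run both views. The listing is taken before and after the slow scan so
    a process that merely started or exited mid-scan is not reported."""
    before = api_view()
    raw = raw_view(limit)
    after = api_view()
    return hidden_pids(before | after, raw)


def self_visible(limit=65536):
    """Sanity check: this very process must appear in both views."""
    me = os.getpid()
    return me in api_view() and me in raw_view(max(limit, me))


if __name__ == "__main__":
    suspects = sorted(find_hidden())
    print("PIDs present but unlisted:", suspects or "none")
```

Run it as an unprivileged user on a clean machine and it should report nothing; a reported PID is a lead, not a verdict, because very short-lived processes can slip between the two listings, so re-run before escalating. The same idea extends to files (compare a directory listing with direct opens of expected names) and to network sockets (compare /proc/net/tcp with what a raw port scan of localhost answers).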

Rootkit Virus Prevention

As with malware in general, the best protection against a rootkit is prevention. A rootkit is usually delivered as the payload of another infection, such as a Trojan, a drive-by download or a phishing attachment, so users are advised to be extra cautious with email attachments, software and other content downloaded from the Internet. Installing a kernel-mode rootkit requires administrator (root) privileges, which the attacker obtains either by tricking an administrator into running something or by exploiting a privilege-escalation flaw; user-mode rootkits need no special rights at all. Either way, it takes the execution of a single driver, script or program from an untrusted source to wreak utter havoc on your system, which is a strong argument for doing day-to-day work from an unprivileged account and keeping the operating system patched.

These infections can be difficult to remove, so prevention is always the best method of defense. It is not uncommon for a rootkit to alter the system so thoroughly that antivirus software running on the infected machine cannot even see it, let alone remove it, because the scanner asks the compromised operating system what is on disk and in memory and gets a filtered answer. The usual way around this is to inspect the machine from outside the infected system: scanning the disk from clean boot media, or comparing what the running system reports against what a direct, low-level inspection finds. Dedicated anti-rootkit tools are built around exactly these techniques. The ideal rootkit remover will scan the depths of your computer, below the level at which the rootkit hides, to detect and completely remove the most persistent of troublemakers; where the infection sits in firmware or the boot chain, a full reinstall from trusted media is the safe option.

Not all rootkits are created evil. Some companies have used rootkit techniques for remote monitoring, system management and copy protection. Even such uses have been followed by controversy, with Sony's usage being the best-known example: the copy-protection software Sony BMG shipped on audio CDs in 2005 hid its own files and processes from the user, and other malware soon took advantage of the same hiding mechanism. Ethical arguments aside, this is a class of malware that home and business users want to avoid at all costs.