Rootkits


Rootkits are malicious programs designed to change key configurations in the operating system, interfere with programs, files, or Internet usage, record information (for example with a keylogger), and conceal their tracks. The purpose of a rootkit is to steal information, disrupt business functions (by changing key configurations), and earn the attacker respect in the attacker community. When a user is not paying attention, a rootkit can easily be downloaded and installed by opening e-mail attachments from unknown sources, clicking on pop-up windows, or running new programs that have appeared on the computer. Prevention tips include: setting the operating system and anti-virus software to update automatically, turning on the system firewall, configuring the web browser to block cookies and pop-ups, declining to open e-mail from unknown sources, not clicking on pop-ups, checking recently installed unknown programs before running them, and scanning the computer regularly. Signs that a computer may be infected include slowness when accessing programs, saving files, or booting up, and noticing that files are missing, renamed, or corrupted, or that new programs have been installed.

The majority of users have very little knowledge of what a rootkit is or the damage it can do. Rootkits were originally used to regain access to a crashed computer system when no alternative method of access was available. Today their function is far more malicious than what they were originally designed for. Current rootkits are built to install themselves, conceal their tracks, change configurations in the operating system, and possibly install spam, keyloggers, Trojans, or viruses. Rootkits can also be used to copy files from the computer and send them to many destinations, change Internet settings, or simply make a user's life miserable. Average users would never discover that the computer is compromised, because rootkits are inserted in a part of the system that an average user would never visit. Scanning the computer is a preventive option, but a rootkit can be so deeply embedded in the computer's directory structure that most scanning tools would never locate it. To determine whether a rootkit is installed, take the suspected system to a professional computer repair person who has the knowledge and experience to search for it.
To avoid being infected with a rootkit, a user should ensure that the operating system and anti-virus programs are configured to update automatically to the most current version, and that the firewall is turned on to prevent unwanted communication with outside devices. In the web browser, set the security level for cookies to medium-high or high in the Internet options, make sure other third-party programs on the system (Adobe, Java, Flash Player) are up to date, and do not click on pop-ups. Another prevention tip is to never open e-mail from unknown sources, and even when the source is trusted, read the subject line cautiously. If it is too good to be true, it usually is! Additionally, do not open newly installed programs that the user did not install; these could be hazardous and wreak havoc on the computer. Regularly scan the system for viruses, worms, Trojans, and rootkits, and when a user is finished with the Internet, turn off the router or unplug the network cable from the computer. Disconnecting the cable or shutting off the router prevents all communication from occurring.
Symptoms of a rootkit infection include files that have been changed or renamed, new programs that the user did not install, and unexpected pop-up windows. Additionally, a rootkit can block specific programs from running, make the computer run slowly, or cause it to reboot constantly. If a user experiences any of these symptoms, run an anti-virus scan; if the problem still exists, take the computer to a professional computer repair person. These people can examine the computer's directory structure to isolate the problem and try to remove it.
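The "files changed or renamed, programs that the user did not install" symptom above is something a defender can check for systematically rather than by eye: take a hash baseline of a directory while the system is believed clean, then compare a later snapshot against it. The following is an added example written for this page, not code from the original article; the directory layout, file names, and file contents it uses are constructed inside a temporary directory purely to illustrate the three kinds of change. One caveat that follows from the article's own point about rootkits hiding deep in the system: a rootkit that hooks the file system can lie to a user-space check like this one, so a clean report is a symptom check, not proof of absence.

```python
"""Baseline-and-compare file integrity check (added example, constructed data)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map each file under root (path relative to root, '/' separators) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = hash_file(full)
    return result


@dataclass
class Report:
    modified: list = field(default_factory=list)  # same path, different content
    renamed: list = field(default_factory=list)   # (old path, new path), same content
    added: list = field(default_factory=list)     # path not in the baseline
    removed: list = field(default_factory=list)   # baseline path gone, content not seen elsewhere

    def is_clean(self) -> bool:
        return not (self.modified or self.renamed or self.added or self.removed)


def compare(baseline: dict, current: dict) -> Report:
    """Classify every difference between a baseline snapshot and a current one."""
    r = Report()
    # Digest -> baseline path, so a file moved to a new name (same bytes) is reported
    # as a rename rather than as one removal plus one addition.
    by_digest = {digest: path for path, digest in baseline.items()}
    accounted_for = set()
    for path, digest in current.items():
        if path in baseline:
            accounted_for.add(path)
            if baseline[path] != digest:
                r.modified.append(path)
        elif digest in by_digest and by_digest[digest] not in current:
            old = by_digest[digest]
            r.renamed.append((old, path))
            accounted_for.add(old)
        else:
            r.added.append(path)
    for path in baseline:
        if path not in accounted_for:
            r.removed.append(path)
    # Sort so results do not depend on os.walk ordering.
    for lst in (r.modified, r.renamed, r.added, r.removed):
        lst.sort()
    return r


def demo() -> Report:
    """Constructed scenario: baseline three files, then modify one, rename one, add one."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("bin/login", b"original login program")       # constructed content
        write("etc/hosts.txt", b"127.0.0.1 localhost\n")     # constructed content
        write("lib/helper.dll", b"helper v1")               # constructed content
        baseline = snapshot(root)

        # Simulated changes matching the symptoms the article lists.
        write("bin/login", b"tampered login program")                       # modified
        os.rename(os.path.join(root, "lib/helper.dll"),
                  os.path.join(root, "lib/helper_old.dll"))                 # renamed
        write("opt/unknown_tool.exe", b"program the user did not install")  # added
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    report = demo()
    print("modified:", report.modified)
    print("renamed: ", report.renamed)
    print("added:   ", report.added)
    print("removed: ", report.removed)
```

In practice the baseline would be stored off the machine (or on read-only media) and taken right after a clean installation, since a baseline recorded after infection simply enshrines the tampered files as normal.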
Rootkits are dangerous and should not be treated lightly. They have the ability to corrupt or rename files, change configurations in the operating system, and install viruses, worms, Trojans, and other malware. Configuring the operating system and anti-virus software to update automatically, turning on the firewall, and keeping the programs on the system up to date help prevent rootkits from being installed. Disconnecting the system from the router is the most important thing a user can do when finished using the Internet, because this prevents all communication from occurring between the computer and the network.