We previously defined a rootkit (sometimes spelled “root kit”) as “any type of software that is difficult to detect and remove since it operates on the same ‘level’ as the computer’s operating system.” This is a highly simplified definition, as rootkits are far more complex than most other malware. The word rootkit comes from “root” (the traditional name of the all-powerful administrative account on Unix-like operating systems) and “kit” (a bundle or group of software tools).

A rootkit is a bundled group of software created to access a computer’s core functions while masking its presence from users and from the operating system’s own reporting mechanisms. Worse yet, a rootkit can be installed without the user knowing it or performing any enabling action; this is not typical of most malware and is one of the reasons why rootkits are so insidious. They can also be deployed by intruders who have already broken into a system and want to keep control of it covertly. In that case the initial access is gained in the usual ways (e.g., social engineering, brute-force password guessing), and the rootkit is what keeps the intruder hidden afterwards.

Once a rootkit is in place and running, it is very difficult to detect, let alone remove, and doing either usually requires specialised tools. The reason lies in the nature of this malware: rootkits are designed to be invisible, and they achieve that by subverting the very mechanisms security software relies on. A rootkit that hooks the operating system’s file, process or network enumeration routines can filter its own files and processes out of every listing, so a scanner running on the infected system asks the system what is there and is lied to. Removal ranges from very hard to outright impossible. Some rootkits infect the firmware (the low-level code stored on a device that lets it operate at all) of a hardware component such as the disk, the network card or the system board. Once that happens, no amount of cleaning from within the operating system will help, because the infection survives even a full reinstall of the OS. The only fixes are to re-flash the firmware from a known-good image, where the vendor provides a way to do so, or to replace the infected component entirely.

Once installed, a rootkit goes about whatever task it was programmed for, which can vary greatly because this kind of malware is quite flexible. For example, a rootkit might grant covert access to a system to unauthorised users, or hide other malware (e.g., a keylogger) so that it is harder to detect. Companies worried about illegal copies of their products have even used rootkit techniques in a nominally “legal” manner: in 2005 Sony BMG shipped music CDs whose copy-protection software installed a rootkit on Windows PCs to hide itself, which caused a huge scandal when it was discovered.

Guarding against infection is mostly a matter of preventing unauthorised access to your system in the first place, so strong passwords, up-to-date patches, active security software and other preventive measures are your first line of defence. Should you find yourself in the unlucky position of having a rootkit infection, there are tools available (e.g., the Microsoft Malicious Software Removal Tool). Unfortunately, such software can only remove a fraction of the rootkits out there, and a scanner run from inside an infected operating system is effectively asking the rootkit itself what is on the disk. A more reliable approach is to look from outside: boot from trusted media and examine the disk offline, or compare what the running system reports against an independent low-level view and treat any discrepancy as suspicious. If a rootkit is confirmed, the safest remedy is to wipe the machine and reinstall from known-good media rather than trust a cleanup. Security companies continue to create new and better methods of detection and removal to combat this crafty form of malware.
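The hiding technique described earlier (a hooked enumeration API that filters the rootkit’s own artefacts out of every listing) and the cross-view detection recommended in the paragraph above, shown together as an added example that is not part of the original article: a small Python simulation in which one function plays the rootkit’s hooked directory listing and another reads the same constructed file table directly, so the entries that only the low-level view reports are exactly the hidden ones. The file table, the “_rk_” name prefix and the hook are all hypothetical; a real detector would obtain its low-level view by parsing the filesystem on disk or by booting from trusted media.

```python
"""Cross-view rootkit detection on a constructed file table.

A rootkit typically hides by hooking the API that enumerates files
(or processes, sockets, registry keys) and dropping its own entries from
the results. Cross-view detection asks for the same information through
two independent paths and treats any discrepancy as a hidden object.
Everything here is a simulation built for the example: the "inode table"
and the hook are hypothetical, not real kernel structures.
"""
from dataclasses import dataclass

# Hypothetical marker the simulated rootkit filters out of listings.
HIDE_PREFIX = "_rk_"


@dataclass(frozen=True)
class Inode:
    number: int
    name: str
    size: int


# Constructed sample file table for one directory (not from a real system).
RAW_TABLE = [
    Inode(101, "passwd", 1340),
    Inode(102, "shadow", 880),
    Inode(103, "_rk_loader.so", 40960),
    Inode(104, "ssh_config", 1500),
    Inode(105, "_rk_keylog.dat", 2048),
]


def raw_listdir(table):
    """Low-level view: walk the on-disk table directly, bypassing any hooked API."""
    return sorted(inode.name for inode in table)


def hooked_listdir(table):
    """High-level view: what the rootkit-hooked directory API returns.

    Simulates a hook on readdir()/FindNextFile() that drops entries carrying
    the rootkit's marker. Every ordinary program on the infected system,
    including a naive scanner, only ever sees this filtered list.
    """
    return sorted(
        inode.name for inode in table if not inode.name.startswith(HIDE_PREFIX)
    )


def cross_view_diff(high_level, low_level):
    """Return names present in the low-level view but absent from the high-level one."""
    return sorted(set(low_level) - set(high_level))


def detect_hidden_files(table):
    """Run both views over the same table and report what the hook concealed."""
    return cross_view_diff(hooked_listdir(table), raw_listdir(table))


def hidden_bytes(table):
    """Second cross-view signal: space used on disk that no visible file accounts for.

    Even when names cannot be enumerated independently, a filesystem's total
    allocated bytes can be compared against the sum of visible file sizes.
    """
    total = sum(inode.size for inode in table)
    visible = sum(
        inode.size for inode in table if not inode.name.startswith(HIDE_PREFIX)
    )
    return total - visible


if __name__ == "__main__":
    for name in detect_hidden_files(RAW_TABLE):
        print(f"hidden entry: {name}")
    print(f"unaccounted-for bytes: {hidden_bytes(RAW_TABLE)}")
```

The same comparison generalises to any object the rootkit must hide: process IDs from a raw walk of kernel task structures versus the process listing API, or listening ports from a packet capture versus the socket table. The important property is that the two views are obtained through genuinely independent code paths, otherwise the hook sits in front of both and the diff is empty.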