Rootkits first appeared 20 years ago. This kind of program allows hackers to access and steal information from users' computers without being detected. The term covers different malware tools that are specifically designed to stay hidden, infect computers and control the PC remotely.

Not all cyber threats are as easy to detect and eliminate as Trojan Horses. In fact, there are some that not even your cyber protection software is capable of detecting. If your computer suddenly runs very slowly, if your RAM is always low, even with a single browser tab open, or if the Blue Screen of Death appears frequently, your PC may have been infected with an invisible threat: a rootkit.

Despite being around for a quarter of a century in one form or another, the history of today's rootkits can be traced back to the mid-1990s and the onslaught of UNIX rootkits and stealth DOS viruses. The first rootkits for Windows were detected around the turn of the century, and among the most notable examples are Vanquish, which recorded the passwords of its victims, and FU, which ran in kernel mode and was used to modify the structure of the system.

There are two main types of rootkits, user mode and kernel mode, although there are also other, less common variants.

▸User Mode Rootkits

User mode rootkits are the furthest from the core of your computer and only affect the software on your PC. They are much easier to detect and remove than any other rootkit. Commonly called application rootkits, they replace the executable files of standard programs such as Word, Excel, Paint or Notepad. In this way, every time you run an infected .exe file from one of your applications, you allow hackers to access your computer.

▸Kernel Mode Rootkits

Unlike application rootkits, kernel mode rootkits are among the most severe types of this threat, as they attack the very core of your operating system. Hackers use them not only to access files on your computer but also to change the way your operating system works by adding their own code.

Rootkits can be installed using various methods, but the most common is by exploiting a vulnerability in the operating system or in an application on the computer. Hackers target their attacks at known and unknown vulnerabilities in the operating system and applications, using an exploit that takes control of the machine. Then they install the rootkit and configure a few components that provide remote access to the PC.

