Rootkit:
A rootkit is a collection of tools/programs that enables administrator-level access to a computer or a network. It is a popular tool generally used by hackers.
Once a hacker gets user-level access, either by exploiting a known vulnerability or by cracking a password, they may install a rootkit. Once it is installed, the hacker can mask the intrusion and gain root or privileged access to your computer and, possibly, other machines on the network.
Generally it consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. It may also include spyware and other programs that monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.
Once your system is infected by a rootkit, you may lose control over your machine or network, which can be disastrous for that machine or network.
Webmasters call such infected machines “ROOTED” or “COMPROMISED” machines.
How to detect whether your machine is infected or not?
As a webmaster, you should always keep an eye out for such illegal installations, which will kill your network/machine. There are a number of vendors, such as Microsoft, F-Secure, Sysinternals, and many others, who provide applications that can detect the presence of rootkits.
Some popular tools are Rootkit Hunter and Chkrootkit.
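The trojaned replacements of ps, netstat, ifconfig and killall described above can be caught by comparing each binary against hashes recorded while the system was known to be clean, which is one of the checks file-integrity tools perform. The following is an added example, not code from this article or from Rootkit Hunter or Chkrootkit; the function names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import shutil

# Utilities the article names as common targets for trojaned replacements.
CORE_UTILS = ["ps", "netstat", "ifconfig", "killall"]

def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record digest and mode for each file on a known-clean system."""
    baseline = {}
    for p in paths:
        baseline[p] = {"sha256": sha256_file(p), "mode": os.stat(p).st_mode}
    return baseline

def verify(baseline):
    """Return {path: reason} for every file that no longer matches."""
    findings = {}
    for p, rec in baseline.items():
        if not os.path.isfile(p):
            findings[p] = "missing"
        elif sha256_file(p) != rec["sha256"]:
            findings[p] = "content changed"
        elif os.stat(p).st_mode != rec["mode"]:
            # e.g. a setuid bit added to a binary that never had one
            findings[p] = "permissions changed"
    return findings

def locate(names=CORE_UTILS):
    """Resolve utility names through PATH; skip ones not installed."""
    found = (shutil.which(n) for n in names)
    return [os.path.realpath(p) for p in found if p]

if __name__ == "__main__":
    import json
    base = build_baseline(locate())    # take this on a freshly installed system
    print(json.dumps(base, indent=2))  # keep a copy offline or on read-only media
    print(verify(base) or "no changes since baseline")
```

A rootkit that hooks the running kernel can falsify what this script reads, so the comparison is most trustworthy when run from clean boot media against the mounted disk. Legitimate package updates also change these hashes, so the baseline has to be refreshed after patching.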
If a rootkit is detected on your machine, the best way to get rid of it is to completely erase the computer’s hard drive (format the disk) and reinstall the operating system.