Security Encyclopedia

Rootkit

A rootkit is usually a set of software tools that exploits a device to gain root-level permissions, the highest level of permission in a given computer system.

The term rootkit combines root and kit. It is a working toolbox of malicious software designed to attain illegitimate root permissions on a target’s machine or network.

Rootkits vary in their type and severity. User Mode Rootkits sit farthest from the core of the operating system and target only software applications. Kernel Mode Rootkits are more dangerous: they run deeper and attack the core of the host machine’s OS. Bootloader Rootkits affect the Master Boot Record (MBR) and/or the Volume Boot Record (VBR) of the system, although these are becoming less common as Windows 8 and 10 machines offer a Secure Boot option.

Rootkits are designed to conceal themselves to avoid detection. They can give attackers full control of a compromised computer, and are notable for remaining undiscovered until they deliver remote access to, and control of, the target device or system.
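Because a rootkit hides by lying to one enumeration path, defenders detect it by comparing two views of the same thing. The following cross-view check is an added example, not part of this encyclopedia entry; it assumes a Linux host where process listings come from /proc and the kernel can be probed directly with signal 0, and the sample PID sets are constructed for illustration.

```python
import os
from typing import Callable, Iterable, List, Set


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> List[int]:
    """PIDs the kernel answers for but which the normal listing omits.
    Anything in this set is being hidden from the standard enumeration path."""
    return sorted(set(probed) - set(listed))


def listed_pids_procfs(proc: str = "/proc") -> Set[int]:
    """High-level view: what ps/top see, i.e. a readdir on /proc."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids_signal(max_pid: int = 65535) -> Set[int]:
    """Low-level view: ask the kernel about each PID with signal 0.
    ProcessLookupError means no such PID; PermissionError means it exists
    but belongs to another user, which still counts as alive."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def stable_hidden_pids(list_view: Callable[[], Set[int]],
                       probe_view: Callable[[], Set[int]],
                       passes: int = 3) -> List[int]:
    """A process that starts between the two snapshots shows up as a one-off
    discrepancy, so only report a PID that is hidden in every pass."""
    result = None
    for _ in range(passes):
        diff = set(hidden_pids(list_view(), probe_view()))
        result = diff if result is None else result & diff
    return sorted(result or [])


# Constructed sample views (not captured from a real host): PID 1337 answers
# the kernel probe but never appears in the directory listing.
SAMPLE_LISTED = {1, 42, 100, 2048}
SAMPLE_PROBED = {1, 42, 100, 1337, 2048}

if __name__ == "__main__":
    print(stable_hidden_pids(listed_pids_procfs, probed_pids_signal))
```

A kernel-mode rootkit that hooks both paths defeats this particular pair of views, so real tools compare several independent sources (procfs, signal probing, scheduler task lists, network socket tables) rather than just two.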

Example:

“Through a rare technical partnership with the OEM, our MDM gives us tremendous visibility into the devices’ health, including if it’s been compromised by malware or a rootkit. Once we see a device has been rooted, we disconnect it from the network and have the employee bring it into our INFRA team.”