Rootkits

by Guna 2011-06-04 17:33:30

A rootkit is a type of virus - and the most dangerous one to date. It hides virus files in the system so that virus scanners either can't find them or don't recognize them as a virus. A rootkit also prevents the virus files from showing up in Windows Explorer, and choosing the 'show hidden files' option won't help. They don't even show as running processes in Task Manager. They are like the wind - present, but not seen.

Believe it or not, a reputable company started the entire mess. Sony was using rootkits back in 2005 to protect their software from being copied. The rootkits hid the files that were used for copy protection. Of course, it didn't take long for hackers to find this code and use it to their advantage. You see, any file whose name begins with $sys$ is hidden by that rootkit and invisible to the naked eye on your system.

Naturally, virus creators started making their own rootkits. These rootkits were distributed to other hackers, who in turn spread them via viruses that carried various payloads as well. Rootkits arrived with these viruses in the usual way - through email attachments and downloads.

Think about your own virus scans. Do you take the time to have the software scan the boot sector of your hard drive? If not, you should. Some rootkits can hide in the boot sector. This means that the rootkit loads every time you reboot your system. A rootkit can even hide from itself! When it is in the boot sector, it can take over the operating system's kernel, which is the program that controls the basic functions of the hardware. Once it has that control, it has effectively taken full control of your system, and even higher-level operating system programs won't detect it.
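The boot-sector check the paragraph above asks for can be done by comparing the first sector of the boot disk against a fingerprint recorded while the machine was known to be clean. The following is an added illustration, not code from this post or from any scanner it names; the sector bytes, the "known-good" boot code and the tampered copy are all constructed here so the script runs offline. It hashes only the 446-byte boot code area, so a legitimate partition table change does not raise an alarm while patched boot code does.

```python
"""Boot sector integrity check against a known-good baseline (constructed example).

The sectors below are built in memory, not read from a disk. On a real machine
the first 512 bytes of the boot disk would be read with administrator rights,
and the baseline fingerprint recorded while the system is known to be clean,
ideally from outside the running OS (a rescue boot), since a kernel-level
rootkit can lie to a reader running inside the infected OS.
"""
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR-style boot sector
CODE_AREA = 446                # boot code occupies bytes 0..445
PARTITION_TABLE = 64           # four 16-byte partition entries follow the code


def build_sector(boot_code: bytes, partition_table: bytes = b"\x00" * PARTITION_TABLE) -> bytes:
    """Assemble a 512-byte sector: boot code padded to 446 bytes, the
    partition table, then the 0x55AA signature."""
    if len(boot_code) > CODE_AREA or len(partition_table) != PARTITION_TABLE:
        raise ValueError("boot code or partition table has the wrong size")
    return boot_code.ljust(CODE_AREA, b"\x00") + partition_table + BOOT_SIGNATURE


def sector_fingerprint(sector: bytes) -> str:
    """SHA-256 over the boot code area only. Resizing a partition rewrites
    the partition table but not the code, so it must not trip the check."""
    return hashlib.sha256(sector[:CODE_AREA]).hexdigest()


def check_boot_sector(sector: bytes, baseline_fingerprint: str) -> dict:
    """Report structural problems and any drift of the boot code from the
    recorded baseline. 'clean' is True only when there are no findings."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append(f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}")
    elif sector[-2:] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    fingerprint = sector_fingerprint(sector)
    if fingerprint != baseline_fingerprint:
        findings.append("boot code differs from recorded baseline")
    return {"fingerprint": fingerprint, "findings": findings, "clean": not findings}


# Constructed "known-good" boot code (arbitrary bytes standing in for the real
# loader) and a tampered copy whose leading bytes were overwritten, which is
# the kind of change a boot-sector rootkit makes to run before the OS does.
KNOWN_GOOD = build_sector(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = sector_fingerprint(KNOWN_GOOD)
TAMPERED = build_sector(b"\xeb\x4e" + b"\x90" * 6)


if __name__ == "__main__":
    for label, sector in (("known-good", KNOWN_GOOD), ("tampered", TAMPERED)):
        report = check_boot_sector(sector, BASELINE)
        print(label, "clean" if report["clean"] else report["findings"])
```

The baseline is only as trustworthy as the moment it was taken: record it once from a clean boot and keep it somewhere the running system cannot quietly rewrite it.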

Fortunately, vendors are working on software that will effectively combat rootkits. Currently, you can get RootkitRevealer, which was created by Sysinternals, for free. It isn't perfect, but it's a start.
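The idea behind a rootkit detector of this kind is cross-view comparison: list files and processes through the normal operating system interface, list them again by reading the on-disk structures and kernel lists directly, and treat anything present only in the low-level view as hidden. The script below is an added illustration of that comparison, not code from this post or from Sysinternals; the "raw" listings are hard-coded stand-ins for a direct scan, and the hooked-API view is simulated by dropping names that carry the $sys$ prefix mentioned above.

```python
"""Cross-view detection of hidden files and processes, on constructed data.

Constructed example: RAW_FILES and RAW_PROCESSES stand in for what a scanner
reads straight from the file system structures and kernel process list;
hooked_api_view() stands in for an enumeration API that a rootkit has hooked.
A real detector has to obtain the raw view itself with a kernel driver or an
offline scan; here both views are simulated so the comparison runs anywhere.
"""

HIDDEN_PREFIX = "$sys$"   # name prefix the Sony copy-protection rootkit hid

# Constructed ground truth, as a raw scan of the volume and kernel would see it
RAW_FILES = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\$sys$drv.sys",
    r"C:\Users\guna\report.docx",
    r"C:\Program Files\$sys$cp.dll",
]
RAW_PROCESSES = ["explorer.exe", "svchost.exe", "$sys$cp.exe"]


def hooked_api_view(entries, prefix=HIDDEN_PREFIX):
    """Simulate a hooked enumeration API: every entry whose final path
    component starts with the hidden prefix is silently dropped."""
    return [e for e in entries if not e.rsplit("\\", 1)[-1].startswith(prefix)]


def cross_view_diff(api_view, raw_view):
    """Compare the two views of the same objects.

    'hidden'  : present in the raw view but not the API view; this is the
                rootkit signature a cross-view scanner looks for.
    'phantom' : present only in the API view, usually an object created or
                removed between the two scans; worth listing, not an alarm.
    """
    api, raw = set(api_view), set(raw_view)
    return {"hidden": sorted(raw - api), "phantom": sorted(api - raw)}


def scan(files_api, files_raw, procs_api, procs_raw):
    """Run the comparison for files and processes and give one verdict."""
    files = cross_view_diff(files_api, files_raw)
    procs = cross_view_diff(procs_api, procs_raw)
    suspicious = bool(files["hidden"] or procs["hidden"])
    return {"files": files, "processes": procs, "suspicious": suspicious}


if __name__ == "__main__":
    result = scan(hooked_api_view(RAW_FILES), RAW_FILES,
                  hooked_api_view(RAW_PROCESSES), RAW_PROCESSES)
    for kind in ("files", "processes"):
        for name in result[kind]["hidden"]:
            print(f"HIDDEN {kind[:-1]}: {name}")
    print("verdict:", "hiding detected" if result["suspicious"] else "views agree")
```

Only the "hidden" set is evidence of a rootkit; scan both views as close together in time as possible so that ordinary file churn shows up as a short phantom list rather than as false hidden entries.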
