A rootkit is a group of malicious computer programs designed to gain access to a target machine, and it frequently conceals its own existence or that of other programs. The name "rootkit" combines "root", the privileged account on Unix-like operating systems, and "kit", the software components that implement the tool.
A rootkit can be installed by an attacker directly, or remotely by exploiting a known vulnerability. Once installed, it hides itself and runs with administrator privilege. Rootkit detection is difficult because a rootkit intercepts the operating system calls made by antivirus software and returns a clean-looking version of whatever was requested. It also duplicates or replaces OS system files, which makes it hard to detect.
Methods of Detection:
- Behavioural-based methods
- Signature scanning
- Integrity scanning by taking snapshots
- Memory dump analysis
The usual solution is to reinstall the operating system.
When dealing with firmware rootkits, removal may require hardware replacement or specialized equipment.
Spyware, once installed on the target, monitors the target's every action and reports it to the remote attacker. Cookie stealing, password stealing, identity theft and information theft are a few of the attacks commonly carried out using spyware.
Ransomware is malicious software that restricts access to a computer's files and folders and demands an online ransom payment to remove the restrictions.
Usually it encrypts the data, forcing the user to pay a huge ransom to get the data decrypted.