Summary

Computer attackers use RootKits to keep backdoor access and to hide on systems they have compromised. A RootKit replaces existing operating system software with Trojan horse versions, so RootKits are both Trojan horses and backdoors. They do not give an attacker root privileges in the first place; instead, they let the attacker keep root after gaining it by some other means. Most RootKits are suites of tools that replace a variety of functions on the target operating system. User-mode RootKits replace binary executables or libraries, whereas kernel-level RootKits manipulate the kernel itself.
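Because a user-mode RootKit works by swapping trojaned binaries and libraries in for the originals, the basic defensive check is file-integrity comparison: hash the system's executables while the host is known-good, store the baseline somewhere the attacker cannot reach, and later re-hash and diff. The script below is an added example written for this page, not code from the book; the `demo()` function builds a constructed fake `bin` directory in a temporary folder and then simulates a RootKit that trojans `ls`, deletes `netstat` and drops a hidden `.sniffer` binary, so the whole thing runs offline. File names and the JSON baseline format are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import json
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Hash every regular file under root; keys are paths relative to root.
    Symlinks are skipped so a RootKit cannot point a link at an innocent file."""
    baseline: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = sha256_file(p)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify each path as modified (hash changed), missing or added."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a clean 'bin' directory, then a user-mode RootKit
    replaces ls, removes netstat and installs a hidden sniffer binary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("ls", "ps", "netstat"):
            (root / name).write_bytes(b"#!/bin/sh\necho original " + name.encode() + b"\n")
        baseline = build_baseline(root)  # taken while the host is trusted

        # Simulated RootKit activity (constructed for the example)
        (root / "ls").write_bytes(b"#!/bin/sh\n/bin/ls \"$@\" | grep -v attacker_dir\n")
        (root / "netstat").unlink()
        (root / ".sniffer").write_bytes(b"\x7fELF fake sniffer")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    # Usage (assumed CLI, not from the book):
    #   integrity.py baseline /usr/bin baseline.json   # record trusted hashes
    #   integrity.py check    /usr/bin baseline.json   # diff against them
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":
        Path(sys.argv[3]).write_text(json.dumps(build_baseline(Path(sys.argv[2])), indent=1))
    elif len(sys.argv) == 4 and sys.argv[1] == "check":
        saved = json.loads(Path(sys.argv[3]).read_text())
        print(json.dumps(compare(saved, build_baseline(Path(sys.argv[2]))), indent=1))
    else:
        print(json.dumps(demo(), indent=1))
```

Two caveats follow directly from the summary's distinction. First, the check is only as trustworthy as the tools and the baseline it relies on: take the baseline before exposure, keep it on read-only media, and run the checker from a trusted copy of the interpreter, since a user-mode RootKit that has trojaned the hashing tool can simply report the old hash. Second, a kernel-level RootKit controls what `read()` returns to every process, so it can defeat any user-space integrity check; detecting that class needs an offline comparison (boot from clean media and hash the disk) rather than a check run on the live system.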

The term RootKit is derived from the superuser account on UNIX, the target operating system for the original RootKit tools. Now, RootKits are available for ...
