What are rootkit threats and how can I identify them in Windows?

What are rootkit threats and how can I identify them in Windows?
Rootkits are applications hackers install (or social engineer you into installing) in order to obtain control of the computer and basically do anything they want to on it. Rootkits have their roots (pun intended) in UNIX but are becoming more popular in Windows with rootkits such as FU and the AFX Windows Rootkit 2003. The programs tie into the OS allowing hackers to modiy system environment variables, hide malicious code in commonly used system programs, hide system processes and more. There are a few basic ways to identify them:

  • Use anti-spyware tools such as PestPatrol and SpyBot to detect the files loaded onto the system.
  • Manually run MD5 hashes on system files and compare them to known good ones.
  • Use host-based IDS software such as Tripwire to detect file changes.
  • Use personal firewall software application protection to detect malicious network communications going out of the computer.
  • Use a network analyzer and inspect protocols used, and even the packets entering or leaving the host for malicious behavior.
  • This was first published in August 2004

    Dig Deeper on Network intrusion detection and prevention and malware removal



    Find more PRO+ content and other member only offers, here.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.



    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: