Ask the Expert

What are rootkit threats and how can I identify them in Windows?

What are rootkit threats and how can I identify them in Windows?
Rootkits are applications hackers install (or social engineer you into installing) in order to obtain control of the computer and basically do anything they want to on it. Rootkits have their roots (pun intended) in UNIX but are becoming more popular in Windows with rootkits such as FU and the AFX Windows Rootkit 2003. The programs tie into the OS allowing hackers to modiy system environment variables, hide malicious code in commonly used system programs, hide system processes and more. There are a few basic ways to identify them:

  • Use anti-spyware tools such as PestPatrol and SpyBot to detect the files loaded onto the system.
  • Manually run MD5 hashes on system files and compare them to known good ones.
  • Use host-based IDS software such as Tripwire to detect file changes.
  • Use personal firewall software application protection to detect malicious network communications going out of the computer.
  • Use a network analyzer and inspect protocols used, and even the packets entering or leaving the host for malicious behavior.
  • This was first published in August 2004

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: