What are rootkit threats and how can I identify them in Windows?
Rootkits are programs attackers install (or trick you into installing through social engineering) to gain and keep privileged control of a computer, after which they can do essentially anything on it. Rootkits have their roots (pun intended) in UNIX, but Windows examples such as FU and the AFX Windows Rootkit 2003 have made them increasingly common on that platform as well. They hook into the operating system, which lets attackers modify the system environment, hide malicious code inside commonly used system programs, conceal processes and files, and more. There are a few basic ways to identify them:
Use anti-spyware tools such as PestPatrol and SpyBot to detect known rootkit files and the components they load onto the system.
Manually run MD5 hashes (or, better, SHA-256) on system files and compare them to known-good values recorded from a clean install.
Use host-based IDS software such as Tripwire to detect changes to system files.
Use the application-control feature of a personal firewall to detect unexpected processes making outbound network connections.
Use a network analyzer to inspect the protocols in use, and the individual packets entering or leaving the host, for malicious behavior.
Keep in mind that a kernel-level rootkit can hook the very APIs these tools rely on, so a hash check or file listing performed on the running, infected system may be fed clean-looking results. The most reliable checks compare against a baseline stored off the host and are run from trusted boot media, or, for the network checks, from a separate machine or a switch span port watching the traffic.
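The hash-baseline and file-change checks above, as an added example that is not part of the original answer or of any tool it names: a small Python script that records a digest of every file under a directory, stores the baseline as JSON, and later reports files that were modified, added or removed. The directory layout, file names and the tamper scenario in demo() are constructed for illustration; SHA-256 is used instead of MD5 because MD5 collisions are cheap to produce today, and the baseline is written to a separate location so that a rootkit with write access to the protected tree cannot simply rewrite it.

```python
"""Added example (not code from the TechTarget answer): hash-baseline
integrity check for a tree of system files, in the spirit of a manual
MD5/Tripwire comparison. File names and the tamper scenario are constructed."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk=1 << 20):
    """Stream a file through hashlib so large binaries are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map every regular file under root (relative POSIX path) to its digest.

    Symlinks are skipped so a link to a clean copy cannot stand in for a
    trojaned file."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = hash_file(p, algorithm)
    return baseline


def save_baseline(baseline, dest):
    """Persist the baseline; keep dest OFF the host it describes (read-only media,
    another machine), otherwise an intruder can rewrite it along with the files."""
    Path(dest).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def compare_baseline(root, baseline, algorithm="sha256"):
    """Re-hash the tree and diff it against the stored baseline."""
    current = build_baseline(root, algorithm)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: baseline a fake system32 tree, then simulate a
    rootkit patching a DLL, dropping a driver and deleting a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system32"          # the tree being protected
        store = Path(tmp) / "store"            # separate location for the baseline
        (root / "drivers").mkdir(parents=True)
        store.mkdir()
        (root / "kernel32.dll").write_bytes(b"MZ clean kernel32 stub")
        (root / "ntoskrnl.exe").write_bytes(b"MZ clean kernel stub")
        (root / "drivers" / "tcpip.sys").write_bytes(b"MZ clean driver stub")

        save_baseline(build_baseline(root), store / "baseline.json")

        # Simulated compromise (constructed, not a real rootkit):
        with open(root / "kernel32.dll", "ab") as f:
            f.write(b" + injected hook")            # patched system DLL
        (root / "drivers" / "evil.sys").write_bytes(b"MZ dropped rootkit driver")
        (root / "drivers" / "tcpip.sys").unlink()   # legitimate file removed

        return compare_baseline(root, load_baseline(store / "baseline.json"))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In real use you would run build_baseline() once from a known-clean install, keep the JSON somewhere the host cannot write, and run compare_baseline() from trusted boot media rather than from inside the possibly hooked OS, since a kernel rootkit can return the original bytes to any reader it chooses.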