How does an attacker install a rootkit?

Kurt Dillard, Microsoft

Learn how to detect and remove rootkits in Windows systems with this collection of tips, written by Microsoft's Kurt Dillard. Read one of the several tips below, or return to the main page for the complete list.

How does an attacker install a rootkit?

In order for an attacker to install a rootkit on a system, he must somehow compromise it and gain administrator privileges. He will attempt to accomplish this in a variety of ways. He can:

  • Trick a user into executing malicious code that's embedded in what appears to be a benign download from the Web, such as a game, screensaver or file sharing utility.
  • Figure out an easy-to-guess password.
  • Take advantage of a missing security hotfix.
  • Exploit a poorly configured system.
  • Install his rootkit once he gains control of the system.

About the author: Kurt Dillard is a program manager with Microsoft Solutions for Security. He has collaborated on many solutions published by this team, including "Windows Server 2003 Security Guide" and "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP". He has also co-authored two books on computer software and operating systems.

Click for the next tip in this series: What's the difference between user-mode and kernel-mode rootkits?

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: