Problem solve Get help with specific problems with your technologies, process and projects.

What are rootkit threats and how can I identify them in Windows?

What are rootkit threats and how can I identify them in Windows?
Rootkits are applications hackers install (or social engineer you into installing) in order to obtain control of the computer and basically do anything they want to on it. Rootkits have their roots (pun intended) in UNIX but are becoming more popular in Windows with rootkits such as FU and the AFX Windows Rootkit 2003. The programs tie into the OS allowing hackers to modiy system environment variables, hide malicious code in commonly used system programs, hide system processes and more. There are a few basic ways to identify them:

  • Use anti-spyware tools such as PestPatrol and SpyBot to detect the files loaded onto the system.
  • Manually run MD5 hashes on system files and compare them to known good ones.
  • Use host-based IDS software such as Tripwire to detect file changes.
  • Use personal firewall software application protection to detect malicious network communications going out of the computer.
  • Use a network analyzer and inspect protocols used, and even the packets entering or leaving the host for malicious behavior.
  • Dig Deeper on Enterprise desktop management

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.