Posts Tagged ‘kernel mode’

Rootkit

The term RootKit historically comes from the Unix world, where it denotes a set of tools that an attacker installs on a compromised computer after gaining initial access. These are usually hacking tools (sniffers, scanners) and Trojans that replace the basic Unix utilities. A RootKit lets the attacker keep a foothold on the compromised system and conceal their activity.

In Windows, a RootKit is understood as a program that penetrates the system and hooks system functions or replaces system libraries. By intercepting and modifying low-level API functions, such a program can, first of all, effectively hide its own presence in the system, protecting itself from detection by antivirus software and by the user. In addition, many RootKits can mask the presence of whatever processes, folders and files on disk, and registry keys are listed in their configuration. Many RootKits also install their own drivers and services in the system (which, of course, are also “invisible”).
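The hooking mechanism described above, as an added example written for this page (not code from the original post or from any real rootkit): a small, portable C program in which callers reach a directory-enumeration routine through a function-pointer slot, the way Windows code reaches an API through an import table or the kernel reaches a service through the SSDT. The "rootkit" overwrites that slot with a filter that drops entries whose names begin with a configured prefix, so those files become invisible to anything that uses the normal API path. The directory contents, the `rk_` prefix and the table itself are constructed for the example; `enum_dir_original` stands in for a real call such as NtQueryDirectoryFile. The program also shows the two checks a defender would want: comparing the live slot with the known-good address, and a cross-view diff between the high-level and the raw enumeration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_ENTRIES 16
#define NAME_LEN 32

/* One directory entry returned by the (constructed) enumeration call. */
typedef struct {
    char name[NAME_LEN];
} dir_entry;

/* Constructed sample directory; the "rk_" files stand in for the rootkit's
 * own driver and configuration, which it wants to keep out of listings. */
static const dir_entry disk_entries[] = {
    {"boot.ini"}, {"notepad.exe"}, {"rk_driver.sys"}, {"rk_config.dat"}, {"readme.txt"},
};
#define DISK_COUNT (sizeof disk_entries / sizeof disk_entries[0])

typedef size_t (*enum_dir_fn)(dir_entry *out, size_t max);

/* Genuine enumeration routine: returns every entry on "disk".
 * Stands in for a real low-level call such as NtQueryDirectoryFile. */
size_t enum_dir_original(dir_entry *out, size_t max)
{
    size_t n = DISK_COUNT < max ? DISK_COUNT : max;
    memcpy(out, disk_entries, n * sizeof *out);
    return n;
}

/* Dispatch slot callers go through: the analogue of an SSDT or IAT entry.
 * Hooking means overwriting this pointer. */
enum_dir_fn api_table_enum_dir = enum_dir_original;

/* A user-mode tool (dir, Explorer, an AV scanner) resolves the API via the table. */
size_t list_directory(dir_entry *out, size_t max)
{
    return api_table_enum_dir(out, max);
}

/* --- rootkit side ------------------------------------------------------ */

static const char hidden_prefix[] = "rk_";   /* hypothetical: what the config says to hide */
static enum_dir_fn saved_original;            /* trampoline target: the real function */

/* The hook: call the original, then filter the results before the caller sees them. */
size_t enum_dir_hooked(dir_entry *out, size_t max)
{
    size_t n = saved_original(out, max);
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (strncmp(out[i].name, hidden_prefix, sizeof hidden_prefix - 1) == 0)
            continue;                         /* drop it: the entry becomes "invisible" */
        out[kept++] = out[i];
    }
    return kept;
}

void install_hook(void)
{
    if (api_table_enum_dir == enum_dir_hooked)
        return;                               /* already installed: avoid a self-calling trampoline */
    saved_original = api_table_enum_dir;
    api_table_enum_dir = enum_dir_hooked;
}

void remove_hook(void)
{
    if (api_table_enum_dir == enum_dir_hooked)
        api_table_enum_dir = saved_original;
}

/* --- detection side ---------------------------------------------------- */

/* Check 1: table integrity. Compare the live slot with the known-good address
 * (in practice: with the on-disk image or a clean snapshot of the table). */
int hook_detected_by_table_check(void)
{
    return api_table_enum_dir != enum_dir_original;
}

/* Check 2: cross-view diff. Enumerate once through the public API path and once
 * through the raw path; count entries that only the raw view shows. */
size_t cross_view_hidden_count(void)
{
    dir_entry high[MAX_ENTRIES], low[MAX_ENTRIES];
    size_t nh = list_directory(high, MAX_ENTRIES);
    size_t nl = enum_dir_original(low, MAX_ENTRIES);
    size_t hidden = 0;
    for (size_t i = 0; i < nl; i++) {
        int seen = 0;
        for (size_t j = 0; j < nh && !seen; j++)
            seen = strcmp(low[i].name, high[j].name) == 0;
        if (!seen)
            hidden++;
    }
    return hidden;
}

int main(void)
{
    dir_entry buf[MAX_ENTRIES];
    install_hook();
    size_t n = list_directory(buf, MAX_ENTRIES);
    printf("listing after hook (%zu entries):\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  %s\n", buf[i].name);
    printf("table check: %s\n", hook_detected_by_table_check() ? "HOOKED" : "clean");
    printf("cross-view: %zu hidden entries\n", cross_view_hidden_count());
    remove_hook();
    return 0;
}
```

With the hook installed the listing shows three of the five files, the table check reports HOOKED, and the cross-view diff finds two hidden entries. The cross-view check is the more robust of the two on a real system: a rootkit that also patches the code it hooks, rather than just the table slot, defeats a naive pointer comparison, but it still has to return a filtered result to some caller, and that filtered result can be compared against an independent view of the same data.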