A rootkit is one or more tools designed to covertly keep control of a computer. These can be programs, files, processes, ports, or any logical component that allows the attacker to maintain access to and control of the system.
The rootkit is not malicious software in itself, but it hides the malicious actions carried out on the computer, whether by an attacker directly or by other malicious code running on the system, such as worms or Trojans. Other threats incorporate and merge with rootkit techniques to reduce the probability of detection.
Rootkits are usually responsible for hiding the malicious processes on the system. They also try to disable any type of security software. The hidden activities are not always explicitly malicious: many rootkits hide logons, process information, or records such as logs.
Initially, rootkits appeared on the UNIX operating system as a collection of one or more tools that allowed the attacker to obtain and maintain access as the most privileged user of the computer (on UNIX systems this user is called *root*, hence the name). On Windows-based systems, rootkits have generally been associated with tools used to hide programs or processes from the user. Once installed, the rootkit uses operating system functions to hide itself so that it is not detected, and it is generally used to hide other harmful programs.
A rootkit directly attacks the base operation of an operating system. On Linux, it does so by modifying and working directly on the system kernel. On Windows, it does so by intercepting the operating system APIs (Application Programming Interfaces), which mediate between user programs and the kernel; in this way the rootkit manipulates the kernel's behaviour without working directly on it, as it does in the case of free software.
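As an added example (not code from the original page), this is the "cross-view" check defenders use against the API-level hiding described above: the set of live PIDs is taken through two different kernel interfaces, and a process that the kernel confirms but that is missing from the directory listing `ps` relies on is flagged. It assumes Linux and Python 3; the 32768 PID cap, the function names and the sample usage are this example's own choices.

```python
import os

PROC_ROOT = "/proc"
# Constructed cap on the PID range so the probe stays fast; a real scan would
# read /proc/sys/kernel/pid_max instead of using this constant.
MAX_PID = 32768

def pid_exists(pid):
    """Ask the kernel directly via kill(pid, 0): ESRCH means no such process,
    EPERM means it exists but belongs to another user (still a live PID)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False   # ESRCH
    except PermissionError:
        return True    # EPERM
    return True

def procfs_view(proc_root=PROC_ROOT):
    """High-level view: the numeric entries of /proc. This is what ps and top
    read, and it is the path a hooked readdir()/getdents() can filter."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def probe_view(max_pid=MAX_PID):
    """Low-level view: every PID in range that the kernel says is alive."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}

def find_hidden_pids(max_pid=MAX_PID):
    """Return PIDs the kernel confirms but /proc does not list.

    A process may exit between the two views, so each candidate is re-checked:
    it only counts as hidden if it still exists and is still absent from /proc."""
    candidates = probe_view(max_pid) - procfs_view()
    return {
        pid for pid in candidates
        if pid_exists(pid) and not os.path.isdir(os.path.join(PROC_ROOT, str(pid)))
    }

def self_visible():
    """Sanity check: on a clean host our own PID appears in both views."""
    me = os.getpid()
    return me in procfs_view() and pid_exists(me)

if __name__ == "__main__":
    hidden = find_hidden_pids()
    print("hidden PIDs:", sorted(hidden) or "none")
```

On a /proc mounted with hidepid=2, or when run as an unprivileged user, other users' processes are absent from /proc by design and will appear as false positives. A non-empty result is therefore a lead for triage (compare against a memory image or an offline boot), not proof of a rootkit on its own.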
There are other types of rootkit that pursue the same goal: hiding activity on the system. Bootkits attack the boot sector and modify the boot sequence so that they are loaded into memory before the original operating system loads. Other rootkits attack applications rather than the operating system, using patches or code injection to change the applications' usual behaviour.