
Wikipedia defines a rootkit as “a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a concatenation of ‘root’ (the traditional name of the privileged account on Unix-like operating systems) and the word ‘kit’ (which refers to the software components that implement the tool).” Please note that the term “tool” in the previous sentence refers to the rootkit itself and reflects the increasing tendency for malware creators to make use of code libraries and various other kinds of programming building blocks to construct such things, including rootkits.

Generally, rootkits can be divided into two categories: user mode and kernel mode. In the Windows operating system, ordinary programs run in user mode, which can only make mediated calls on operating system services and resources. (The most renowned rootkit, Hacker Defender, is an example of a user mode rootkit.)

Privileged programs and the operating system run in kernel mode, which has direct access to operating system resources and can interact directly with other operating system services. Thus, kernel mode rootkits essentially operate as if they were part of Windows itself. Such a rootkit modifies the Windows kernel. That is what makes any kernel mode rootkit so dangerous and so difficult to detect and remove.
