
Security professionals and enthusiasts are aware of rootkits, but general audiences typically don’t know about this kind of malware, which is specifically designed to hide itself and its activity on an infected system. This threat is well worth public awareness, as there is a high chance you will meet this malware in the future. Cybercriminals are constantly developing new methods to steal your data and actively sell these methods to each other.

What makes a rootkit invisible? It’s not that complicated to explain: the malware tries to integrate its code deep into the operating system and intercept standard requests such as reading files or obtaining the list of running processes. The rootkit processes such requests and removes any mention of files, processes and other traces related to its activity. Other techniques are used as well; for example, a rootkit can inject code into a legitimate process and use that process’s memory to do its dirty work. This allows a rootkit to remain invisible to less advanced antivirus solutions, which work at the high level of OS requests and don’t try to dive deeper into the OS or into low-level hardware structures. If an antivirus does manage to detect a rootkit, the malware may try to deactivate the protection and delete critical antivirus components. Some of the more crafty rootkits even use live-bait fishing: they create a special file intended to be detected by the antivirus, and as soon as the antivirus software accesses that file, the rootkit tries to shut the antivirus down and prevent it from running in the future.

How can you stop this mess? First of all, to detect suspicious activity, your antivirus must monitor critical system files at a low level, catching malware as it tries to modify the hard drive. It is possible to find new rootkits that are still unknown to your antivirus simply by comparing computer activity as seen at the OS level with the results of low-level monitoring. Secondly, it is crucial to have sufficient antivirus self-protection so that malware cannot deactivate your product. Last, but not least, an antivirus has to remove 100% of rootkit components, even those injected into critical files of the OS. This problem can’t be solved just by deleting those files, as that renders the OS nonfunctional; your antivirus has to remove the malicious code from them without affecting their original functionality.
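The cross-view detection described above (comparing what the OS-level process listing shows with an independent low-level view) as an added example that is not part of the original article or of any Kaspersky product. The high-level view reads the /proc directory; the low-level view probes every possible PID with kill(pid, 0), which delivers no signal but tells the caller whether the PID exists. The collectors are Linux-specific and constructed for this illustration; the diff logic is general.

```python
import os

def cross_view_diff(api_view: set[int], probe_view: set[int]) -> dict[str, set[int]]:
    # 'hidden' = found by the low-level probe but absent from the listing: the
    # signature of a process-hiding rootkit. 'ghost' = listed but gone by probe time (noise).
    return {"hidden": probe_view - api_view, "ghost": api_view - probe_view}

def drop_threads(hidden: set[int], api_view: set[int], tgid_of) -> set[int]:
    # kill(tid, 0) also succeeds for thread IDs, which never appear in the /proc
    # listing. Keep only candidates whose thread-group leader is itself unlisted.
    return {pid for pid in hidden if tgid_of(pid) not in api_view}

def listing_view() -> set[int]:
    # High-level view: what a process lister sees when it reads /proc.
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def probe_view(max_pid: int) -> set[int]:
    # Low-level view: ask the kernel about every PID with kill(pid, 0), which
    # delivers nothing. EPERM still proves the PID exists; ESRCH means it does not.
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive

def proc_tgid(pid: int):
    # Thread-group id from /proc/<pid>/status; None if the entry is unreadable.
    try:
        with open(f"/proc/{pid}/status") as fh:
            return next(int(l.split()[1]) for l in fh if l.startswith("Tgid:"))
    except (OSError, StopIteration):
        return None

def scan():
    # Collect both views and diff them; None where there is no /proc to read.
    if not os.path.isdir("/proc"):
        return None
    max_pid = int(open("/proc/sys/kernel/pid_max").read())  # bounds the probe
    api, probe = listing_view(), probe_view(max_pid)
    result = cross_view_diff(api, probe)
    result["hidden"] = drop_threads(result["hidden"], api, proc_tgid)
    return result

if __name__ == "__main__":
    print(scan())
```

A non-empty "hidden" set on a live system is worth investigating, while a few "ghost" entries are expected on a busy machine because processes exit between the two collections.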

So make sure your protection meets these requirements before saying “I know what a rootkit is, and I am sure that my antivirus solution efficiently protects me from this threat.”

Contact us to purchase your Kaspersky Protection to ensure you do not get caught out 🙂

Reproduced by kind permission of Kaspersky Labs

Steve P

I started on computers back in the days of the Sinclair ZX81 and Spectrum, back when people were coming to terms with how great their new digital watch was. Even though I worked in DIY shops, fancy goods, the building trade, DJing, etc., my main interest and passion was always in coding, graphics and games. I decided to take the plunge into computer shops in the mid-90s and in 2003 set up my own computer business. I have a simple work ethic, which is that I prefer to make a little money often, rather than charging a fortune and losing customers. This has proven to work for me and my customers. In all the years I have traded I have never advertised, and yet each week I get new customers through recommendations - there is no higher praise :)
