What are rootkits
Rootkits appeared 20 years ago. Their task is to get onto the user's computer undetected, help attackers introduce further malicious programs, and remain unnoticed for a long time. Rootkits can make the following elements invisible to the system and to antivirus software:
- files;
- processes;
- registry entries;
- memory addresses;
- network connections, etc.
Thus, these programs can hide the effect of viruses on the system and give scammers remote access to the infected computer, even if you have antivirus installed.
A rootkit often arrives together with malicious tools:
- a keylogger;
- a stealer of saved passwords;
- a scanner that collects bank card data;
- functionality for blocking or completely disabling the anti-virus system;
- a controlled bot that carries out DDoS attacks;
- backdoor functions that give hackers complete control over the infected computer.
At the moment, the most active rootkits are:
- TDSS;
- ZeroAccess;
- Alureon;
- Necurs.
Types of rootkits
Rootkits fall into three main categories:
- User-level rootkits. They work like regular applications. Some of them can start on their own when you turn on the computer.
- Kernel-level rootkits. They receive maximum rights to manage the OS. After such a rootkit penetrates a computer, the user practically loses control over the OS and the PC as a whole.
- Bootkits. They start working even before the system is fully loaded and thus receive unlimited rights to act.
Rootkits get onto your computer:
- when downloading files and programs from pirated sites;
- together with emails (spam);
- when using a flash drive with infected files, etc.
How to secure your system from rootkits?
To protect yourself from a possible attack by intruders, do not neglect these simple security rules:
- Use software to protect against rootkits. This could be AVG Anti Rootkit or ComboFix.
- Pay attention to complaints about spam being sent from your computer and take action immediately.
- If your computer does become infected, disconnect it from the network. Next, copy important files to a USB flash drive and reinstall the system.
- Immediately after installing the OS, start working with Tripwire.
The main defense against rootkits is still simple prevention: using special programs that monitor the behavior of malware and avoiding suspicious sites.