What is a rootkit, and what are the types of rootkits?

A rootkit is a type of malware designed to stay hidden. Locating one is a difficult task for the user of the computer.

Here are the types of rootkits: Kernel rootkit, Hardware or Firmware rootkit, Hypervisor or Virtualized rootkit, Library rootkit, Boot loader rootkit or Bootkit, Memory rootkit and User or Application rootkit.

1) Kernel rootkit: This type of rootkit hides as a loadable kernel module or as a device driver in the operating system. Even if the device driver is updated, the rootkit still manages to stay there.

2) Hardware or Firmware rootkit: This type of rootkit hides in the firmware. A firmware rootkit is activated when a BIOS function is called or when the machine is booted.

3) Hypervisor or Virtualized rootkit: A hypervisor rootkit runs the operating system as a virtual machine. It changes the boot sequence of the computer: when the computer is booted, the hypervisor is executed on the hardware first, and the operating system is then started inside a virtual machine.

4) Library rootkit: A library rootkit hides itself in a system library. This type of rootkit can change the arguments of system calls.

5) Boot loader rootkit or Bootkit: A boot loader rootkit, or bootkit, infects the Master Boot Record. It replaces the regular boot loader with one that is under the control of the bootkit.

6) Memory rootkit: A memory rootkit hides itself in memory (RAM).

7) User or Application rootkit: A user or application rootkit hides itself in an application program, alongside other application programs in user mode. A user rootkit does not have access to the kernel.
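Kernel, library and user rootkits (types 1, 4 and 7 above) all hide by lying through one interface, for example the module list, a hooked library function, or a patched process-listing API. A standard defensive technique is cross-view detection: obtain the same inventory through two independent paths and report whatever appears in the low-level view but not the high-level one. The script below is an added example, not code from the original article. The process and module lists marked as samples are constructed inline (including the placeholder module name `hidden_mod_example`) so it runs offline; the `live_*` helpers assume a Linux host with `/proc` and `/sys/module` and return `None` elsewhere.

```python
"""Cross-view rootkit detection (added example, not from the original article)."""
import os


def cross_view_diff(high_level, low_level):
    """Return items present in the low-level view but missing from the
    high-level view: candidates for objects a rootkit is hiding."""
    return sorted(set(low_level) - set(high_level))


# Constructed sample: PIDs a process-listing tool reported (high-level view)
# versus PIDs found by probing /proc/<pid> one by one (low-level view).
API_PIDS = [1, 2, 415, 902, 1337]
PROBED_PIDS = [1, 2, 415, 777, 902, 1337]

# Constructed sample: modules reported by lsmod (reads /proc/modules) versus
# directories under /sys/module. "hidden_mod_example" is a placeholder name.
LSMOD_MODULES = ["ext4", "xfs", "e1000"]
SYSFS_MODULES = ["ext4", "xfs", "e1000", "hidden_mod_example"]


def _is_thread_group_leader(pid):
    """True if /proc/<pid> is a real process, not a thread.  /proc/<tid> is
    reachable by path for every thread but readdir(/proc) only lists thread
    group leaders, so without this filter every thread looks 'hidden'."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return False
    return False


def live_pid_cross_view(max_pid=32768):
    """Linux only: readdir(/proc) versus a direct probe of /proc/<pid>.
    Read /proc/sys/kernel/pid_max to cover the whole PID space; the default
    keeps the probe fast.  Returns None when /proc is not available."""
    if not os.path.isdir("/proc"):
        return None
    listed = {int(name) for name in os.listdir("/proc") if name.isdigit()}
    probed = {pid for pid in range(1, max_pid + 1) if _is_thread_group_leader(pid)}
    return cross_view_diff(listed, probed)


def live_module_cross_view():
    """Linux only: /proc/modules (what lsmod shows) versus /sys/module.
    /sys/module also lists built-in modules; only entries with an
    'initstate' file were loaded as LKMs, which is what lsmod should show."""
    if not os.path.isfile("/proc/modules") or not os.path.isdir("/sys/module"):
        return None
    with open("/proc/modules") as fh:
        listed = {line.split()[0] for line in fh if line.strip()}
    sysfs = {name for name in os.listdir("/sys/module")
             if os.path.exists(f"/sys/module/{name}/initstate")}
    return cross_view_diff(listed, sysfs)


if __name__ == "__main__":
    print("hidden PIDs (sample):", cross_view_diff(API_PIDS, PROBED_PIDS))
    print("hidden modules (sample):", cross_view_diff(LSMOD_MODULES, SYSFS_MODULES))
    print("hidden PIDs (live):", live_pid_cross_view())
    print("hidden modules (live):", live_module_cross_view())
```

A non-empty difference is a lead, not a verdict: a process that exited between the two enumerations also shows up, so re-run the comparison before treating an entry as hidden.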
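For the bootkit (type 5 above), the defender's check is integrity of the Master Boot Record itself: the 446-byte boot code should not change on a running system, so its hash can be baselined and re-verified, and the partition table and 0x55AA signature can be parsed to confirm the sector is still well formed. The parser and check below are an added example, not code from the original article. The 512-byte sector it works on is constructed inline (placeholder boot code, one bootable type 0x83 partition at LBA 2048), and `read_mbr` assumes a Unix block device path such as `/dev/sda` readable by root.

```python
"""MBR parsing and boot-code integrity check (added example, not from the original article)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # boot code occupies bytes 0..445
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_mbr(sector):
    """Validate a 512-byte MBR and return its boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:            # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
            "partitions": partitions}


def check_boot_code(sector, baseline_sha256):
    """Return (ok, sha256): ok is False when the boot code differs from the
    baseline, which is what a bootkit replacing the boot loader produces."""
    parsed = parse_mbr(sector)
    return parsed["boot_code_sha256"] == baseline_sha256, parsed["boot_code_sha256"]


def read_mbr(device_path):
    """Read the first sector of a block device, e.g. read_mbr('/dev/sda') as root."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code):
    """Constructed sample sector: boot_code padded to 446 bytes, one bootable
    Linux partition (type 0x83) at LBA 2048 spanning 204800 sectors, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x83, b"\xfe\xff\xff",
                        2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return code + table + BOOT_SIGNATURE


# Constructed baseline: the boot code bytes are a placeholder, not real loader code.
BASELINE_MBR = build_sample_mbr(b"BASELINE-BOOT-CODE-PLACEHOLDER")
BASELINE_SHA256 = parse_mbr(BASELINE_MBR)["boot_code_sha256"]


if __name__ == "__main__":
    print("baseline ok:", check_boot_code(BASELINE_MBR, BASELINE_SHA256)[0])
    tampered = build_sample_mbr(b"REPLACED-BOOT-CODE-PLACEHOLDER")
    print("tampered ok:", check_boot_code(tampered, BASELINE_SHA256)[0])
    print("partitions:", parse_mbr(BASELINE_MBR)["partitions"])
```

Keep the baseline hash somewhere the running system cannot rewrite (offline media, a management host), since a rootkit that controls the kernel can also feed a clean sector to a check that runs on the same machine. On UEFI systems the equivalent check covers the EFI system partition and boot variables rather than the MBR.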
