Rootkits

What is a Rootkit?

A Rootkit is an application, that hides its presence or presence of another application (virus, spyware, malware) on the computer, using some of the lower layers of the operating system, which makes them hard to detect by common anti-malware software. A Rootkit can get to a computer using various ways. The most common way is through some trojan horse or some suspicious email attachment. Also surfing the web may result in installation of a rootkit, for example when "special" plugin (pretending to be legitimate) is needed to correctly view some webpage, to launch some file. If you believe your system is infected with a Rootkit. IT always recommends that you rebuild your system; this ensures that the system will be clean. If a rebuild is not a possibility IT helpdesk has disks that can clean the rootkit off of the system.

ZeroAccess Rootkit

1. Exploit pack attack vector. When your browser accesses a loaded website the server backend will attempt to exploit a vulnerability on the target machine and execute the payload. Exploit packs usually contain a great many different exploits targeting applications commonly found on Windows PCs such as Internet Explorer, Acrobat, Flash and Java. Keeping your system UPDATED will help prevent your system from getting compromised.

2. Social engineering.  At the heart of these is the goal of convincing a victim into running an executable that they should not. The lure is often a piece of illicit software such as a game or a copyright protection bypassing tool such as a crack or keygen. These Trojanised files are placed on upload sites and on torrents and given filenames designed to trick the unwary into downloading and running them. Also, be on the look out for suspicious emails that have links to sites that are unfamiliar.