While it is possible to hide malware in ways that fool even traditional antivirus/antispyware products, most malware programs already use rootkits to hide deep in your Windows PC, and they are getting more dangerous! The TDL3 rootkit is one of the most advanced rootkits ever seen in the wild. The rootkit was stable and could infect 32-bit Windows operating systems, although administrator rights were needed to install the infection on the system. But TDL3 has now been updated and is able to infect even 64-bit versions of Windows!
What is a Rootkit
A rootkit is a stealthy type of malware designed to hide the existence of certain processes or programs on your computer from regular detection methods, so as to allow it or another malicious process privileged access to your computer.
Rootkits for Windows are typically used to hide malicious software from, for example, an antivirus program. They are used for malicious purposes by viruses, worms, backdoors, and spyware. A virus combined with a rootkit produces what is known as a full stealth virus. Rootkits are more common in the spyware field, and they are now becoming more commonly used by virus authors as well.
They are an emerging type of super-spyware that hides effectively and affects the operating system kernel directly. They are used to hide the presence of a malicious object such as a trojan or keylogger on your computer. If a threat uses rootkit technology to hide, it is very hard to find the malware on your PC.
Rootkits in themselves are not dangerous. Their only purpose is to hide software, and the traces it leaves behind in the operating system, whether that software is legitimate or malware.
There are basically three different types of rootkit. The first type, “Kernel Rootkits”, usually add their own code to parts of the operating system core. The second kind, “User-mode Rootkits”, are specifically targeted at Windows and are either started normally during system start-up or injected into the system by a so-called “Dropper”. The third type is MBR Rootkits, or Bootkits.
When you find your antivirus and antispyware failing, you may need the help of a good anti-rootkit utility. RootkitRevealer from Microsoft Sysinternals is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
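The discrepancy check that RootkitRevealer's output describes, as an added example written for this page (not code from the original post or from Sysinternals): it diffs an API-level snapshot of files and Registry keys against a raw-level snapshot and reports objects that one view shows and the other does not. Both snapshots are constructed inline; the paths, sizes and "hidden_example" names are sample data, and on a real system the raw view would have to come from reading the disk and hive files directly rather than through the Windows API.

```python
# Cross-view discrepancy detection, the idea behind RootkitRevealer: list
# the same objects once through the normal Windows API and once from a raw
# read of the underlying structures, then diff the two. A rootkit's hooks
# only alter the API path, so an object present in the raw view but missing
# from the API view is a candidate for hidden malware.
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str
    reason: str

def compare_views(kind: str, api_view: Dict[str, int],
                  raw_view: Dict[str, int]) -> List[Discrepancy]:
    """Diff an API snapshot against a raw snapshot (path -> size in bytes).
    Paths are compared case-insensitively, as Windows does."""
    api = {p.lower(): (p, s) for p, s in api_view.items()}
    raw = {p.lower(): (p, s) for p, s in raw_view.items()}
    found: List[Discrepancy] = []
    for key, (path, raw_size) in raw.items():
        if key not in api:
            # On disk or in the hive, but filtered out of the API answer:
            # the classic signature of a hooked enumeration call.
            found.append(Discrepancy(kind, path, "hidden from Windows API"))
        elif api[key][1] != raw_size:
            # Same object, different size: a hook may be returning sanitised data.
            found.append(Discrepancy(kind, path,
                f"API reports {api[key][1]} bytes, raw view shows {raw_size}"))
    for key, (path, _) in api.items():
        if key not in raw:
            # Seen only via the API: usually an object created or removed
            # between the two passes, so report it as low confidence.
            found.append(Discrepancy(kind, path, "visible only via API (possible race)"))
    return sorted(found, key=lambda d: d.path.lower())

# Constructed snapshots standing in for the two scan passes; the
# "hidden_example" names are sample data, not real malware artefacts.
API_FILES = {r"C:\Windows\System32\ntdll.dll": 1_500_000,
             r"C:\Users\demo\tmp_scan.log": 120}
RAW_FILES = {r"c:\windows\system32\ntdll.dll": 1_500_000,
             r"C:\Windows\System32\drivers\hidden_example.sys": 61_440}
API_KEYS = {r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": 32}
RAW_KEYS = {r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": 32,
            r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_example": 48}

def scan() -> List[Discrepancy]:
    return (compare_views("file", API_FILES, RAW_FILES)
            + compare_views("registry", API_KEYS, RAW_KEYS))
```

Each `Discrepancy` from `scan()` is a lead to check by hand, not a verdict; a file written between the two passes produces the same "visible only via API" line that a race would.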
Read: Microsoft’s observation on Rootkits.
Ported from WinVistaClub and updated & posted here.