The term rootkit has been around for more than 10 years. A rootkit is a “kit” consisting of small and useful programs that allow an attacker to maintain access to “root,” the most powerful user on a computer. In other words, a rootkit is a set of programs and code that allows a permanent or consistent, undetectable presence on a computer.
In the definition of “rootkit,” the key word is “undetectable.” Most of the technology and tricks employed by a rootkit are designed to hide code and data on a system. For example, many rootkits can hide files and directories. Other features in a rootkit are usually for remote access and eavesdropping—for instance, for sniffing packets from the network. When combined, these features deliver a knockout punch to security.
Visit The Online Rootkit Magazine for more details on this security topic.