Traditionally these were in the realm of Unix machines, but there are now Windows versions. A system taken over by a rootkit is said to have been "rooted" (so shouldn't a compromised Windows box be referred to as having been "Adminned"?).
The original rootkits installed modified binaries of the tools and/or libraries that you might use to detect their presence. The modified "lsof", for example, might happily show you all system activity except the spamming mailserver that was busily using your resources to annoy the rest of the world. Corruption like this isn't necessarily easy to find, but the more modern kits are much worse: they don't bother with applications, but go right to the kernel. There, they can intercept anything and everything, hiding information or changing it.
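As an added illustration of how a defender catches that first kind of corruption (this is example code, not from the article), the script below asks the kernel directly which PIDs exist and compares the answer with what ps reports; a trojaned ps can filter its own output but cannot filter a kill(pid, 0) probe. The ps listing and the fake probe used in its checks are constructed; a kernel-level kit that hooks the syscalls themselves would fool this check too.

```python
import os
import subprocess
from typing import Callable, Set

# Cross-view check: a trojaned ps or lsof filters what it prints, but the
# kernel still answers a direct existence probe for every PID. Anything the
# kernel confirms that the tool omitted deserves a close look.

def parse_ps_pids(ps_output: str) -> Set[int]:
    """Extract PIDs from `ps -e` style output (first column, header skipped)."""
    pids = set()
    for line in ps_output.splitlines()[1:]:
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids

def pid_alive(pid: int) -> bool:
    """Ask the kernel: signal 0 delivers nothing but reports whether the PID exists.
    EPERM (PermissionError) means it exists but is not ours; ESRCH means it does not."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False

def probe_pids(max_pid: int, alive: Callable[[int], bool] = pid_alive) -> Set[int]:
    """Brute-force every PID from 1 to max_pid with the given probe."""
    return {pid for pid in range(1, max_pid + 1) if alive(pid)}

def find_hidden(tool_pids: Set[int], kernel_pids: Set[int]) -> Set[int]:
    """PIDs the kernel confirms but the tool did not report. Re-check any hit a
    moment later: a process that started between the two views is a false alarm."""
    return kernel_pids - tool_pids

def hidden_on_this_host() -> Set[int]:
    """Live cross-view on a Linux host (needs a working ps; pid_max read from /proc)."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    except OSError:
        max_pid = 32768  # fallback when /proc is unavailable
    ps_out = subprocess.run(["ps", "-e"], capture_output=True, text=True, check=True).stdout
    return find_hidden(parse_ps_pids(ps_out), probe_pids(max_pid))

if __name__ == "__main__":
    print(sorted(hidden_on_this_host()))
```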
A very dark thought is expressed at https://www.securityfocus.com/news/2879 with regard to Windows kernel rootkits. These have supposedly been rare, but:
Greg Hoglund, a California computer security consultant, believes intruders have been using Windows root kits covertly for years. He says the paucity of kits captured in the wild is a reflection of their effectiveness -- not slow adoption by hackers. "It's happening now," says Hoglund. "People don't realize that it's happening, but in the next two or three years we're going to see a lot more of this activity."
And of course Linux isn't immune to this kind of thing either: https://infosecuritymag.techtarget.com/articles/april01/columns_tech_talk.shtml.
It's a scary world, isn't it? Probably yet another reason to do fresh installs instead of upgrades when the time comes.
© 2009-11-07 Tony Lawrence