Rootkits

What is a Rootkit?

A rootkit is a type of malicious software that enables privileged access to a computer and hides the existence of processes, programs, files and user accounts. It is very difficult to detect because it subverts the software that tries to find it. Removing a rootkit, especially a kernel rootkit, is usually very complicated or even impossible.

Types of rootkits

User mode rootkits run in Ring 3 along with other applications. They usually inject a .DLL file on Windows or a .dylib file on Mac OS X, or otherwise inject into other processes.

Kernel mode rootkits run in Ring 0, usually as device drivers or modules.
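
Because a rootkit hides processes from the tools that list them, a common defensive check is to compare two independent views of the process table and flag what only one of them sees. The sketch below is an added example, not part of the original page; it assumes a Linux host with /proc, and all function names are hypothetical.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs shown by a directory listing of /proc (what ps-style tools read)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(max_pid):
    """View 2: PIDs the kernel acknowledges for signal 0 (an existence check, nothing is sent)."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # the process exists but belongs to another user
        alive.add(pid)
    return alive

def is_thread(pid, proc="/proc"):
    """kill() also answers for thread IDs, which /proc listings omit; Tgid != pid marks one."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # no readable entry at all: leave it as a suspect
    return False

def cross_view(before, probed, after, threads=frozenset()):
    """PIDs alive at the syscall level but missing from the listings taken before and after
    the probe. Using both listings drops processes that only started or only exited mid-scan."""
    return sorted(set(probed) - set(before) - set(after) - set(threads))

def scan():
    """Live check (assumes Linux). A Ring 0 rootkit can falsify both views, so an empty
    result is not proof of a clean host."""
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    before = listed_pids()
    probed = probed_pids(max_pid)
    after = listed_pids()
    threads = {pid for pid in probed - before - after if is_thread(pid)}
    return cross_view(before, probed, after, threads)

if __name__ == "__main__":
    # Constructed sample views: 300 started mid-scan, 200 exited, 4243 is a thread ID.
    print(cross_view({1, 100, 200}, {1, 100, 200, 300, 4242, 4243}, {1, 100, 300}, {4243}))
```

A process that both starts and exits during the probe can still show up, so re-check any reported PID before treating it as hidden.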