You’ve heard of viruses, worms, rootkits, and various other types of malware. You know they’re all bad and you do not want them on your computer. Beyond that, they all blend together for most users. Many people don’t really know why these programs are bad or exactly what they do. Many people wonder, just what can a rootkit virus do to my computer?
To start, rootkits and viruses are different. While they both can be malware, they work differently. A rootkit by itself is not always malware, but does open the door to opportunistic programs. A rootkit is also far more difficult to find and remove than a virus. But how does it hide, and what does it do?
A rootkit installs itself in your computer by hiding among your important files. Instead of adding files, which could then be found and removed by antivirus software, a rootkit will replace certain key files and insinuate itself in your operating system, making it invisible to your antivirus program.
As it nestles comfortably into your system, it helps itself to the highest level of access to your computer — the administrator level access, or “root” access; thus, the “root” in rootkit. But how can it do this without your permission? Chances are, you already gave it permission at that point. Sometimes this software piggybacks onto other applications. When you enter your administrative password to install your new programs, the rootkit comes along for the ride. Once it’s in, it has your system at its disposal.
So what does the rootkit do then? That depends on how and why it was designed. While a virus comes to destroy, a rootkit is much more subtle. Many are intended to do good things, like protect digital media rights or allow antivirus software to update itself remotely.
But when malware sneaks in with the rootkit, it becomes a gateway to allow outsiders to access your files and use your computer. And worse, since it hides so well in your system, anything the outsider wants to do is hidden in the background, not visible to you, the user.
Some of the background things rootkit malware can do include:
- recording your personal information and transmitting it to the outsider
- installing additional malware or viruses onto your machine
- changing your registry settings
- adding your computer to a bot network
A bot network is a group of computers that run hidden programs and are controlled for a common purpose. Bots are often used in distributed denial of service attacks, in which the infected computers load and reload a website until that site’s server shuts down.
It may seem farfetched that simply reloading a page could do this, but when a few hundred thousand computers are reloading the same site as fast as they can, the damage can be profound and render the site completely unusable until the attack ends and the servers are restarted.
Basically, once a rootkit gets into your operating system, it can do pretty much anything. The best thing you can do is keep your anti-malware protection up to date and stay away from questionable programs, websites, and email links.
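Because a rootkit replaces key files rather than adding new ones, as described above, one defensive check is to compare those files against hashes recorded while the system was known to be clean. The following Python code is an added example, not code from the original article: it records SHA-256 hashes of files you choose, then reports any that are later missing or have different contents. The function names, the script name `integrity.py` and the JSON baseline format are assumptions made for illustration.

```python
import hashlib
import json
import sys
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths, baseline_file):
    """Record the SHA-256 of each watched file while the system is known clean."""
    baseline = {str(Path(p)): sha256_of(p) for p in paths}
    Path(baseline_file).write_text(json.dumps(baseline, indent=2))
    return baseline


def verify(baseline_file):
    """Return {path: reason} for every watched file that no longer matches."""
    baseline = json.loads(Path(baseline_file).read_text())
    findings = {}
    for name, expected in baseline.items():
        if not Path(name).is_file():
            findings[name] = "missing"
        elif sha256_of(name) != expected:
            # Same name and location, different bytes: the replacement case.
            # File size and name alone would not reveal this.
            findings[name] = "content changed"
    return findings


if __name__ == "__main__":
    # Record: python integrity.py baseline.json FILE [FILE ...]
    # Verify: python integrity.py baseline.json
    if len(sys.argv) < 2:
        sys.exit("usage: integrity.py BASELINE [FILE ...]")
    if len(sys.argv) > 2:
        build_baseline(sys.argv[2:], sys.argv[1])
    else:
        changed = verify(sys.argv[1])
        for name, reason in changed.items():
            print(f"{reason}: {name}")
        sys.exit(1 if changed else 0)
```

Keep the baseline file on separate media and, where possible, run the check from a trusted boot disk, because a rootkit with administrator access can alter what the running system reports about its own files.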