Since early 2005, rootkits have been one of the most intriguing aspects of the malicious code industry. We've all known about rootkits for ages, on both Windows and Unix/Linux OSs, but this writer first encountered one in the wild in early 2005. If you have grown-up children, and you're good at computers, it turns out that you get to be Tech Support of Last Resort. If ever they have a machine at work that they can't clean, they bring it home to dad. One afternoon in March 2005, I encountered the first machine that I couldn't clean, and in fact, I killed it trying. In time, I came to understand that it was a rootkit. I started digging around to find out about them, and have been fascinated ever since.
What's a rootkit?

In simple terms, a rootkit is code that modifies the operating system so as to take control of it, and it typically uses that control to hide from things that would like to remove it, such as anti-virus or anti-spyware programs.
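The hiding mechanism described above, modelled as an added example that is not part of the original article: a toy "kernel" with a process table, a hook that filters one entry out of the high-level listing (the view a tool such as Task Manager or ps would get), and a defender-side cross-view check that compares that listing against a direct walk of the raw table. The Kernel class, the hook, the sample process names and the pid 4242 are all constructed for this illustration.

```python
"""Toy model of rootkit hiding and cross-view detection (constructed example)."""


class Kernel:
    """Stand-in for an OS kernel: holds the real process table and a hook chain."""

    def __init__(self, processes):
        self._processes = dict(processes)   # the table the kernel actually maintains
        self.hooks = []                     # filters a rootkit may install on the API path

    def raw_list(self):
        """Low-level view: walk the internal table directly, bypassing the API."""
        return dict(self._processes)

    def api_list(self):
        """High-level view: what a normal tool sees after every installed hook runs."""
        view = dict(self._processes)
        for hook in self.hooks:
            view = hook(view)
        return view


def install_hiding_hook(kernel, hidden_pid):
    """Model of what a rootkit does: patch the API path so one entry never appears."""
    def hook(view):
        return {pid: name for pid, name in view.items() if pid != hidden_pid}
    kernel.hooks.append(hook)


def cross_view_diff(kernel):
    """Defender-side check: entries present in the raw walk but missing from the API."""
    api = kernel.api_list()
    raw = kernel.raw_list()
    return {pid: name for pid, name in raw.items() if pid not in api}


def build_demo():
    """Construct a kernel with a hidden process so the check has something to find."""
    # Constructed sample process table; 4242 is the entry the hook will conceal.
    kernel = Kernel({1: "init", 412: "sshd", 900: "explorer", 4242: "dropper"})
    install_hiding_hook(kernel, 4242)
    return kernel


if __name__ == "__main__":
    k = build_demo()
    print("API view:", k.api_list())          # 4242 absent
    print("Raw view:", k.raw_list())          # 4242 present
    print("Hidden:  ", cross_view_diff(k))    # {4242: 'dropper'}
```

The raw walk stands in for what a detection tool does when it reads kernel structures directly rather than asking the hooked API. The caveat a practitioner should keep in mind is that a rootkit which controls the kernel can also alter the structures the raw walk reads, so a cross-view check only catches hiding that was applied at a higher layer than the one the checker looks at.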