ECS Computers

In this post, we will be covering Rootkits and Bootkits. These are two of the trickiest types of malware to detect and remove.

But before we start let’s talk about kernels. A kernel is a computer program at the core of a computer’s (or phone’s or tablet’s) operating system and has control over everything. The types of malware we’re looking at today aim to mess around with that kernel.

[Image: popcorn kernels] Computer kernels are far less tasty than popcorn.

Rootkits
Rootkits are a type of stealth malware. The ‘root’ part of the name comes from the traditional admin account on Unix-based operating systems – a.k.a. an account that has access to everything. The ‘kit’ part of the name refers to the components that implement the malware.
Nearly all rootkits work in the same way:

  1. They bury themselves deep within the kernel.
  2. The rootkit then either drops a worm onto the device or opens up a backdoor to it so hackers can get in.

It’s as simple as that, and rootkits are extremely hard to trace because they hide inside the most important program with the biggest reach. Where a rootkit has infected a device, a full reinstall of the operating system is usually required to remove it completely – wiping all your data and settings.


Bootkits
Bootkits are very similar to rootkits, but instead of infecting the kernel, they go for the Master Boot Record (MBR) or the Volume Boot Record (VBR).
MBRs and VBRs are records stored on your computer’s disk that help to start (or ‘boot’) your operating system from the hard drive when you first turn on your computer. By infecting these records, the malware can load before your operating system. It can change the way your computer runs, infect documents and create a backdoor just like a rootkit.

They also get stored in protected mode within the system memory. This means they’re even harder to remove than rootkits as you could do a full system reboot and the sneaky bootkit would remain active and running.
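Because a bootkit has to change the boot record to load first, one practical defence is to take a baseline of the record when the machine is known-good and compare it later. The script below is an added example, not code from ECS Computers: it builds a constructed 512-byte MBR (filler bytes as boot code, one bootable partition entry, the 0x55AA signature), hashes the boot-code area, and reports when the code or the partition table no longer matches the baseline. Reading the real record (for instance the first 512 bytes of a raw disk device, which needs administrator rights) is left as a commented assumption.

```python
import hashlib
import struct

# MBR layout: 446 bytes of boot code, four 16-byte partition entries, 2-byte signature.
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
PARTITION_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr() -> bytes:
    """Constructed sample record (not from any real disk) used to exercise the checks."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
    # One bootable (0x80) Linux (0x83) partition starting at LBA 2048, rest of the table empty.
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x83, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_LEN * 3)
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Split a 512-byte record into its signature flag and the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_LEN
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            PARTITION_ENTRY_FMT, data[offset:offset + PARTITION_ENTRY_LEN]
        )
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({
                "index": index,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {"signature_ok": data[510:512] == BOOT_SIGNATURE, "partitions": partitions}


def boot_code_hash(data: bytes) -> str:
    """SHA-256 of the boot-code area only; this is the value to record as the baseline."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(data: bytes, baseline_boot_hash: str) -> list:
    """Return a list of findings; an empty list means the record matches the baseline."""
    findings = []
    info = parse_mbr(data)
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(data) != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    return findings


def tamper(data: bytes, offset: int, value: int) -> bytes:
    """Simulate a modification at one byte offset (used here to show the check firing)."""
    mutable = bytearray(data)
    mutable[offset] = value
    return bytes(mutable)


if __name__ == "__main__":
    # Assumption: on a real Linux host the record would be read with something like
    #   open("/dev/sda", "rb").read(512)   (requires root); here we use the constructed sample.
    clean = build_sample_mbr()
    baseline = boot_code_hash(clean)
    print("clean record:", check_mbr(clean, baseline) or "OK")
    print("patched boot code:", check_mbr(tamper(clean, 0, 0xEB), baseline))
    print("bootable flag cleared:", check_mbr(tamper(clean, PARTITION_TABLE_OFFSET, 0x00), baseline))
```

The baseline hash should be stored somewhere the machine itself cannot quietly rewrite (printed out, or kept on separate media), otherwise a bootkit that alters the record could alter the baseline too. The same idea extends to the VBR of each partition: hash the first sector of the partition rather than of the disk.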

Worried your home or business isn’t well enough protected against the threat of malware? We can help – give us a call on 01553 692727 to talk to one of our engineers and find out how we can help!
