Rootkit
Definition
Malware designed to hide its own presence by subverting the operating system's reporting functions. User-mode rootkits hook API calls; kernel-mode rootkits modify kernel data structures. Detection requires analysis from outside the infected OS, typically via bootable forensic media or hypervisor-based inspection.
Related terms
- Command and control (C2): The channel through which an attacker sends instructions to malware on a compromised host and receives data back. C2 channels range from...
- Dropper: A malware component whose sole function is to deliver and install a secondary payload. The dropper itself may be a trojan, a...
- Payload: The action the malware performs once active: data encryption (ransomware), credential theft (banking trojan), resource hijacking (cryptominer), or system destruction (wiper). The...
- Persistence mechanism: The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
- Propagation mechanism: The method by which malware copies itself to new hosts. Viruses attach to host files; worms exploit network services autonomously; trojans rely...
Explained in
- Malware Taxonomy: Viruses, Trojans, Ransomware and More