Is a Rootkit just a Trojan?

Discussion in 'malware problems & news' started by Mild_Manered, Jul 16, 2012.

Thread Status:
Not open for further replies.
  1. treehouse786, Registered Member
    Joined: Jun 6, 2010 | Posts: 1,411 | Location: Lancashire
    see above.

    everyone is never going to agree, let's leave the above quote as a fitting end to this thread.
     
  2. lotuseclat79, Registered Member
    Joined: Jun 16, 2005 | Posts: 5,390
    Another way - the simplest way - is to regard a trojan as a means of delivering a payload aka a rootkit (or other type of malware).

    -- Tom
     
  3. Mild_Manered, Registered Member
    Joined: Jun 16, 2012 | Posts: 40 | Location: usa
    True that, lotuseclat79. When my system used to get infected (usually) with Trojans, before getting a router and Sandboxie, the Trojan would normally drop cookies that I needed to clean along with the malware. Supposedly though, Rootkits can be delivered by other types of malware besides Trojans.
     
  4. chronomatic, Registered Member
    Joined: Apr 9, 2009 | Posts: 1,343
    Rootkits are not new and have been around for decades on Unix (the term "rootkit" actually refers to Unix's root account).

    For years most desktop Windows systems had no notion of privileged or "root" accounts (as Unix does). Everything ran as "root" by default. Thus back then all malware automatically had root access and could do whatever it pleased. This was before UAC and all of that stuff.

    Back then people just considered them trojans. Suddenly in the mid-2000s the term "rootkit" got borrowed from Unix by the AV companies to denote a "new" threat, when in fact it was the same threat that had been happening all along. If malware has root access it can do whatever it pleases, hide itself, mess with the kernel, etc.

    The main difference is these days a lot of Windows malware attempts to hide itself, delete logs, etc. Traditional trojans in the Win95-98-ME days weren't so inconspicuous, mainly because they weren't as sophisticated. But there's no reason malware back then couldn't be considered "rootkits." It's just the term didn't become popular until the Vista days.

    But rootkits that hide themselves have been in use on Unix systems long before the Windows world got wind of them. Typically on Unix systems the attacker uses a rootkit *after* he has already compromised the system in some other way. The rootkit merely guarantees him access to the machine at a later time. It is essentially a backdoor that has other functions that allow the deletion of all traces (delete log files, etc.).
     