Rootkits Malware Attacks

Microsoft® Windows OS
Advisory ID:
November 22, 2021


Rootkits are one of the most damaging types of malware. They are very difficult to detect & remove and provide the Threat Actors almost complete access to the target computer. A hacker who installs a rootkit into a computer can access & steal data, delete or corrupt files, spy on all system activities, modify programs, etc. Since rootkits remain constantly hidden and avoid detection, most commercially available anti-virus software is ineffective against them.

Description & Consequence

Most rootkits open a backdoor on victims' systems to introduce malicious software including viruses, ransomware, keylogger programs or other types of malware or to use the system for further network security attacks. Rootkits often attempt to prevent detection of malicious software by deactivating endpoint anti malware and antivirus software. Rootkits are a type of malware that is designed to remain undetected on your computer. But, even if you don't notice them, they're there to allow Cybercriminals to remotely control your computer. Rootkits can include a variety of tools, from programs that allow hackers to steal your passwords to modules that make it simple for them to steal your credit card or online banking information. Rootkits can also enable hackers to circumvent or disable security software and track the keys you press on your keyboard, making it easier for criminals to steal your personally identifiable information (PII). 
Rootkits are installed through the same common vectors as any malicious software, including by email phishing campaigns, executable malicious files, crafted malicious PDF files or Microsoft Word documents, connecting to shared drives that have been compromised or downloading software infected with the rootkit from unsafe websites. You may open an email and download a file that appears to be safe but is in fact a virus. You could also unintentionally download a rootkit via an infected mobile app.

Successful installation of rootkits in a system will allow cybercriminals to:
a. Remotely control your computer.
b. Gain unauthorized access to your computer.
c. Install programs that allows them to steal your passwords, credit cards and online banking information.
d.To circumvent or disable security software and track the keys you press on your keyboard, making it easier for them to steal your PII
e. Create a persistent state of presence that makes it difficult or impossible to shut them down, even with a system reboot.
Symptoms of infection
a.  An anti malware application that just stops running indicates an active rootkit infection.
b. If Windows settings change without any apparent action by the user, the cause may be a rootkit infection. Other unusual behavior, such as background images changing or disappearing in the lock screen or pinned items changing on the taskbar, could also indicate a rootkit infection.
c.  Unusually slow performance or high central processing unit usage and browser redirects may also point to the presence of a rootkit infection.
d.  Computer lockups, These occur when users cannot access their computer or the computer fails to respond to input from a mouse or keyboard.
e.  A large volume of Windows error messages or blue screens with white text (sometimes called “the blue screen of death”), while your computer constantly needs to reboot.


Like any other type of malware, the best way to avoid rootkits is to prevent it from being installed in the first place. Sometimes erasing your computer's operating system and rebuilding from scratch is the only way to completely remove a well-hidden rootkit.
a.   Apply the latest updates to operating systems and apps.
b.  Educate your employees so they can be wary of suspicious websites, emails, links and attachments.
c.    Avoid the use of pirated software or materials on compromised websites which are used to distribute malware when the sites are visited.
d.  Avoid opening unfamiliar files you find on suspect drives,     including Office and PDF documents and executable files.
e.  Back up important files regularly. Use the 3-2-1 rule. Keep     three backups of your data, on two different storage types, and     at least one backup offsite.
f.  Be wary when connecting to public hot spots, particularly     those that do not require authentication.
g.  For further technical assistance, contact ngCERT on




Related Articles