This IT-Observer article gives a general explanation of what rootkits do and the risk they pose. It is a good introduction to the subject:
“Rootkits are Internet-based threats that have recently been discussed at great length, basically in the light of the fact that a large company distributed a rootkit with some of its products.
But, what exactly is a rootkit? Why are rootkits so dangerous? Is it true that they cannot be removed from systems? We are going to try to give answers to these questions and lay various myths to rest.
The word “rootkit” comes from the two words “root” and “kit”. Root refers to the user with maximum rights in UNIX systems (this can be UNIX, AIX, Linux, etc.). This person is called the “super-user”, the “administrator”, or one of a host of other names. Specifically, it represents the highest level of authority present within a given IT system. On the other hand, the “kit” is a group of tools, so a rootkit is therefore a group of tools with a root category.
In practice, rootkits are programs which, once installed on a system, carry out the necessary modifications to be able to carry out the tasks programmed into them without being detected.”
https://www.it-observer.com/articles.php?id=1014
See also: Detecting Rootkits