- 1. What is a trojan? No it’s not a wooden horse in your computer. It’s a malicious program in your computer. How do they get on your computer? Mostly through email and surfing the internet. No, not necessarily dating sites, gambling sites or porn sites, although these types of sites can be really good venues to get infected by. If the web server at pickasite.com is infected, then you could potentially get infected by visiting that site. Trojans are very nasty pests. They can do many things and here’s the kicker, you could have one on your laptop or desktop and not even know it for days…unless you scan with your anti-virus and anti-spyware software daily. Scary huh? Here is a a good definition of trojan: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer.
2. What is a rootkit? Well this is even nastier and more harmful than the trojan. I’ve seen systems infected with a rootkit that totally commandeered aspect of the system. When infected with a rootkit, we say “you no longer own your computer”. If you suspect rootkit activity, run your anti-virus program. If this doesn’t help, call me. Here is a good definition of rootkit: A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool). The term “rootkit” has negative connotations through its association with malware. Typically, an attacker installs a rootkit on a computer after first obtaining root-level access, either by exploiting a known vulnerability or by obtaining a password (either by cracking the encryption, or through social engineering). Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms. Although rootkits can serve a variety of ends, they have gained notoriety primarily as malware, hiding applications that appropriate computing resources or steal passwords without the knowledge of administrators and users of affected systems. Rootkits can target firmware, a hypervisor, the kernel, or—most commonly—user-mode applications. Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternate, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only alternative.