What are rootkits?

A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it. Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Why are rootkits a threat?

The main problem with rootkits is that they are hidden. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect. Attackers can use rootkits to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes.

How is your workstation already protected?

Here are some of the things the agency does to help protect you.

  • Installing and updating anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
  • Utilizing hardware and software firewalls - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send. Some operating systems, like modern versions of Windows, actually include a firewall, but you need to make sure it is enabled.
  • Encouraging good passwords – All Washington agencies have minimum password requirements like using a mix of uppercase, lowercase, numbers, and symbols. These help you create passwords that will be difficult for attackers to guess.
  • Keeping software up to date - Software patches are installed so that attackers can't take advantage of known problems or vulnerabilities. CTS updates your Windows operating system, antivirus, Microsoft Office, Java, and other common programs.

What can you do to protect yourself?

If you practice good security habits, you may reduce the risk that your computer will be compromised.

  • Use good passwords – In addition to what CTS does, you can further secure your passwords. Use different passwords for different programs and devices. Do not choose options that allow your computer to remember your passwords. Don’t use similar themes or personal information to make your passwords.
  • Keep software up to date – CTS updates your Windows operating system, antivirus, Microsoft Office, Java, and other common programs. If you use programs other than those originally included on your workstation, make sure they are always running the most current stable version.
  • Follow good security practices - Taking appropriate precautions is the most important action you can take to secure your system. Don’t click on links or attachments from people that you don’t know or that seem too good to be true. Lock your workstation when you step away – even for a moment. Don’t write your passwords down, even if you hide them, such as under your keyboard or in a desk drawer. More good security practices can be found in the Resources section of the SOC website.

If you believe that you are a victim, please contact the CTS Service Desk.

RESOURCES

https://www.us-cert.gov/ncas/tips/ST06-001
http://www.microsoft.com/security/portal/mmpc/threat/rootkits.aspx