Rootkits are programs that hackers use to evade detection while gaining or keeping unauthorized access to a computer. Once installed on a computer, a rootkit is invisible to the user and also takes steps to avoid being detected by security software.
A rootkit is a set of binaries, scripts and configuration files that allows someone to covertly maintain access to a computer so that they can issue commands and scavenge data without alerting the system’s owner.
Depending on where they are installed, there are various types of rootkits:
Kernel Level Rootkits
Hypervisor (Virtualized) Level Rootkits
Boot loader Level (Bootkit) Rootkits
NTFS Data Streams
Alternate Data Stream (ADS) support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to support the Macintosh Hierarchical File System (HFS), which uses resource forks to store icons and other information for a file. Using Alternate Data Streams, a user can easily hide files that go undetected unless the file system is closely inspected.
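The inspection the note calls for, as an added example that is not part of the original notes: on Windows it lists every stream attached to a file through the documented kernel32 FindFirstStreamW/FindNextStreamW API (called via ctypes), and it reports any stream beyond the unnamed data stream and the browser-written Zone.Identifier tag. The set of expected stream names and the sample listing are this example's own assumptions, not something the page states.

```python
"""List NTFS alternate data streams and flag the ones a plain file should not have.

Added example for these notes, not code from the original page. Enumeration
uses kernel32 FindFirstStreamW/FindNextStreamW; the triage rules are an
assumption for this example, not an authoritative allow-list.
"""
import sys
import ctypes

# Assumption: these two streams are normal on ordinary files and are not by
# themselves a hiding technique (the unnamed data stream, and the
# Mark-of-the-Web tag written by browsers). Everything else gets reported.
EXPECTED_STREAMS = {"::$DATA", ":Zone.Identifier:$DATA"}


def list_streams(path):
    """Return [(stream_name, size_in_bytes)] for `path` on Windows/NTFS.

    Names come back as ':name:$DATA'; the unnamed default stream is '::$DATA'.
    Raises OSError when not on Windows or when the API call fails.
    """
    if sys.platform != "win32":
        raise OSError("alternate data stream enumeration needs Windows/NTFS")
    from ctypes import wintypes

    class WIN32_FIND_STREAM_DATA(ctypes.Structure):
        _fields_ = [("StreamSize", ctypes.c_longlong),
                    ("cStreamName", ctypes.c_wchar * (260 + 36))]  # MAX_PATH + 36

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.argtypes = [wintypes.LPCWSTR, ctypes.c_int,
                                     ctypes.POINTER(WIN32_FIND_STREAM_DATA),
                                     wintypes.DWORD]
    k32.FindFirstStreamW.restype = wintypes.HANDLE
    k32.FindNextStreamW.argtypes = [wintypes.HANDLE,
                                    ctypes.POINTER(WIN32_FIND_STREAM_DATA)]
    k32.FindNextStreamW.restype = wintypes.BOOL
    k32.FindClose.argtypes = [wintypes.HANDLE]
    k32.FindClose.restype = wintypes.BOOL

    invalid_handle = wintypes.HANDLE(-1).value
    data = WIN32_FIND_STREAM_DATA()
    # InfoLevel 0 = FindStreamInfoStandard; flags are reserved and must be 0.
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)
    if handle == invalid_handle:
        raise ctypes.WinError(ctypes.get_last_error())
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break  # ERROR_HANDLE_EOF: no further streams
    finally:
        k32.FindClose(handle)
    return streams


def triage_streams(streams):
    """Return the (name, size) pairs that deviate from what a plain file carries.

    Hidden content lives in named streams, so anything outside
    EXPECTED_STREAMS is worth opening and examining.
    """
    return [(name, size) for name, size in streams if name not in EXPECTED_STREAMS]


# Constructed sample, shaped like the enumerator's output for a downloaded
# file that also carries one extra named stream. Not captured from a system.
SAMPLE_LISTING = [
    ("::$DATA", 1200),
    (":Zone.Identifier:$DATA", 26),
    (":hidden.txt:$DATA", 73216),
]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    listing = list_streams(target) if target else SAMPLE_LISTING
    for name, size in triage_streams(listing):
        print(f"unexpected stream {name!r} ({size} bytes)")
```

Run it with a path on an NTFS volume to enumerate real streams, or with no argument to run the triage over the constructed sample. The same listing is available from `dir /r` in cmd.exe and from `Get-Item -Path <file> -Stream *` in PowerShell; once a named stream is known, Python on Windows can read it by opening `file.txt:name` directly. Zone.Identifier is treated as expected here because browsers add it to every download; an allow-list for a real environment should be built from what its own software writes.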
The art of hiding data inside other data or another medium is called steganography.
For example: hiding data within an image file.
The secret message is called the overt file and the covering file is called the covert file.
Types of Steganography
White Space Steganography
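The technique behind the definition above and the "White Space Steganography" heading, as an added example that is not part of the original notes: it hides a secret message in the trailing whitespace of an ordinary text cover, one byte per line as eight trailing spaces and tabs, recovers it again, and shows the check a reviewer can run to spot such a file. The cover text, the secret and the space/tab bit encoding are this example's own constructions.

```python
"""Whitespace steganography: hide bytes in trailing spaces/tabs, then detect it.

Added example for these notes, not code from the original page. The encoding
(space = 0, tab = 1, one byte per line) is a constructed scheme chosen for
clarity; real tools differ in details but rely on the same invisibility of
trailing whitespace in editors and viewers.
"""

BIT_CHARS = {"0": " ", "1": "\t"}
CHAR_BITS = {char: bit for bit, char in BIT_CHARS.items()}


def hide(cover: str, secret: bytes) -> str:
    """Append one byte of `secret` to each line of `cover` as 8 trailing chars."""
    lines = cover.split("\n")
    if len(secret) > len(lines):
        raise ValueError(f"cover has {len(lines)} lines, secret needs {len(secret)}")
    out = []
    for i, line in enumerate(lines):
        if i < len(secret):
            bits = format(secret[i], "08b")
            # Drop any existing trailing whitespace so the tail decodes cleanly.
            line = line.rstrip(" \t") + "".join(BIT_CHARS[b] for b in bits)
        out.append(line)
    return "\n".join(out)


def reveal(text: str) -> bytes:
    """Decode every line whose trailing whitespace is exactly 8 spaces/tabs.

    Limitation of this scheme: a line that happens to end in exactly eight
    spaces decodes as a 0x00 byte even if no message was hidden.
    """
    data = bytearray()
    for line in text.split("\n"):
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) != 8 or any(c not in CHAR_BITS for c in tail):
            continue  # line carries no payload
        data.append(int("".join(CHAR_BITS[c] for c in tail), 2))
    return bytes(data)


def trailing_whitespace_report(text: str) -> dict:
    """Summarise trailing whitespace, which is what a reviewer would look at.

    'trailing' counts lines with any trailing spaces/tabs; 'mixed_tail' counts
    lines whose tail mixes both, which sloppy editing rarely produces but an
    encoded byte usually does (all-space 0x00 and all-tab 0xFF bytes escape
    this particular check).
    """
    lines = text.split("\n")
    trailing = 0
    mixed = 0
    for line in lines:
        tail = line[len(line.rstrip(" \t")):]
        if tail:
            trailing += 1
        if " " in tail and "\t" in tail:
            mixed += 1
    return {"lines": len(lines), "trailing": trailing, "mixed_tail": mixed}


# Constructed cover text and secret for the demonstration.
COVER = ("Meeting moved to Thursday.\n"
         "Bring the quarterly numbers.\n"
         "Lunch is provided.\n"
         "Thanks.")
SECRET = b"hi"

if __name__ == "__main__":
    stego = hide(COVER, SECRET)
    print(repr(stego))                      # tails are invisible when printed normally
    print(reveal(stego))                    # b'hi'
    print(trailing_whitespace_report(stego))
```

Printed normally, the stego text is indistinguishable from the cover, which is the whole point of the technique; `repr()` exposes the tails. The report is the defensive side: a document in which many lines end in a mix of spaces and tabs deserves the same closer inspection the notes recommend for alternate data streams, and stripping trailing whitespace on ingest destroys this particular channel.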