Rootkits, Spyware and Ransomware
A rootkit is a collection of malicious software designed to gain access to a target computer, usually while hiding its own presence or the presence of other software. The term rootkit is a concatenation of “root” (the privileged account on Unix-like operating systems) and “kit” (the software components that implement the tool).
A rootkit can be installed by an attacker directly, or remotely by exploiting a known vulnerability. Once installed, it hides itself and runs with administrator privileges. Rootkit detection is difficult because the rootkit intercepts the operating system calls made by antivirus software and returns a clean-looking version of whatever was requested. It duplicates or replaces operating system files, which makes it hard to detect.
Methods of Detection:
Integrity scanning by taking snapshots of the system and comparing them.
Memory dump analysis.
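To make the first detection method concrete, here is an added example (not code from the original text) of snapshot-based integrity scanning: a baseline of file hashes is taken while the system is known-good, a later scan is diffed against it, and any replaced, dropped or deleted file shows up. The directory tree, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root: str) -> dict:
    """Map each regular file under root (posix-style relative path) to its SHA-256 hex digest."""
    root_path = Path(root)
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root_path):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # hash regular files only; skip links, devices, sockets
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            digests[full.relative_to(root_path).as_posix()] = h.hexdigest()
    return digests

def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: modified = replaced file, added = dropped file, removed = deleted file."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo() -> dict:
    """Constructed scenario: baseline a small tree, simulate tampering, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")  # constructed content
        (root / "bin" / "ps").write_bytes(b"original ps binary")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = snapshot(tmp)  # taken while the system is known-good
        # Simulated tampering: ps replaced with a modified copy, a module dropped, hosts deleted.
        (root / "bin" / "ps").write_bytes(b"replaced ps that hides processes")
        (root / "bin" / "hide.ko").write_bytes(b"dropped kernel module")
        (root / "hosts").unlink()
        return compare(baseline, snapshot(tmp))  # later scan, checked against the baseline

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Because a kernel-level rootkit can intercept the read calls the scanner itself makes, the baseline and the later scan should be taken from trusted media (for example, by mounting the disk from a clean rescue system) rather than from the running, possibly compromised host.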
The usual solution is to reinstall the operating system.
When dealing with firmware rootkits, removal may require hardware replacement or specialized equipment.
Spyware: once installed on the target, this malware monitors every action and reports it to the remote attacker. Cookie stealing, password stealing, identity theft and information theft are a few of the common attacks carried out using spyware.
Ransomware: this is malicious software that restricts access to files and folders on a computer system and demands an online ransom payment to remove the restrictions.
Usually it encrypts the data, forcing the user to pay a huge ransom to get the data decrypted.