Glossary

Rootkit

A "rootkit" is a program (or a set of programs) used by an attacker who has already gained unauthorized privileged access to a computer, in order to make sure that such access can be regained easily and reliably in the future and to cover up the traces of the breach. The word comes from the name of the privileged user on Unix-like operating systems, "root". When attackers gain root-level access to a computer (usually by using some kind of exploit), they want to modify the computing environment so that they can regain such access easily in the future and so that their activities remain unnoticed.

The former can be achieved by replacing the system program that grants access (the login program on Unix) with a customized version that grants privileged access to the attacker when a special user name or password is entered. The latter (covering up the attacker's traces) can be achieved by modifying the system logs and deleting from them every record that could serve as evidence of the breach, by modifying the programs that list existing files or currently running processes so that they "hide" any files and processes the attacker has added, and so on.
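Two defender-side checks against the behaviours described in this entry, added here as an example (not part of the original glossary): comparing system binaries such as login and ps against a known-good hash baseline, and a cross-view comparison of the process list reported by ps with the PIDs visible in /proc. The function names, the baseline format and the sample ps output are assumptions.

```python
import hashlib
import os
import re
import subprocess

def sha256_file(path: str) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_binaries(baseline: dict) -> dict:
    """Compare files against a trusted baseline {path: sha256 hex digest}
    recorded before the host went into service (e.g. from package metadata);
    a replaced login or ps binary shows up as 'modified'."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        else:
            report[path] = "ok" if sha256_file(path) == expected else "modified"
    return report

def parse_ps_pids(ps_output: str) -> set:
    """Extract PIDs from 'ps -e' style output (PID is the first column)."""
    pids = set()
    for line in ps_output.splitlines()[1:]:  # skip the header line
        m = re.match(r"\s*(\d+)\s", line)
        if m:
            pids.add(int(m.group(1)))
    return pids

def hidden_pids(ps_pids: set, proc_pids: set) -> set:
    """Cross-view check: a PID present in /proc but absent from ps output is
    either a process that exited between the two snapshots or one a modified
    ps is hiding. Re-run a few times to rule out the race."""
    return proc_pids - ps_pids

# Constructed sample input (assumption): ps lists two processes, while the
# /proc snapshot also contains PID 4242, which ps did not report.
SAMPLE_PS = "  PID TTY          TIME CMD\n    1 ?        00:00:01 init\n  120 ?        00:00:00 sshd\n"
SAMPLE_PROC = {1, 120, 4242}

if __name__ == "__main__":  # live check on a Linux host
    ps_out = subprocess.run(["ps", "-e"], capture_output=True, text=True).stdout
    proc = {int(d) for d in os.listdir("/proc") if d.isdigit()}  # numeric entries are PIDs
    print("hidden PIDs:", hidden_pids(parse_ps_pids(ps_out), proc))
```

A kernel-level rootkit can hide a process from /proc as well as from ps, so an empty difference is not proof of a clean host; the baseline hashes should be kept off the machine being checked.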