NT Rootkits

Opinion
May 05, 2003 · 2 mins
Enterprise Applications, Security

Nutter offers background on the danger of NT Rootkits.

Lately I’ve heard a couple of stories about NT Rootkits. What can you tell me about them, and is this something I should be concerned about?

– Via the Internet

You should be concerned about NT Rootkits. Until recently, rootkits have mostly been a concern of the Linux/Unix world. NT Rootkits can do several things, such as hide files on the server/workstation that would alert you to their presence. The real “power” of the NT Rootkit is that it can hide processes or directories. I have seen a system infected by a rootkit, and it caused problems with the SMTP service on the server being able to send or receive mail.

The problem with NT Rootkits is that even if you know what to look for, you could still miss the tell-tale signs. You can go to rootkit.com for a sampling of some of the rootkits currently available. You will need some type of C compiler to compile the source files before they are usable. Borland’s C++ Builder Personal edition is one that’s affordable and user-friendly if you haven’t had any C experience before. I can’t emphasize this enough: When working with this kind of material, ensure the machines you’re working on are isolated from your production network in every way possible.

Depending on your training budget, there is training available from blackhat.com on how to defend against rootkits. Training is just one avenue to protect yourself from rootkit intrusion. Keeping the servers up to date on patches and limiting access to the server console, both locally and remotely, are just two of the additional steps to take to help avoid being a victim of a rootkit.