Between 2000 and 2011, the world saw a massive surge in the number of rootkits.
After 2011, however, something changed.
64-bit systems were becoming more popular, and all the major rootkits had been built to target 32-bit systems, which meant fewer and fewer attacks were taking place.
Rootkits, of course, are designed specifically to target the root of your PC. You can sometimes eliminate rootkits using anti-malware software, but the “root” of the rootkit hides itself in the core files of your PC.
That’s why rootkits are extremely difficult to remove.
64-bit systems have more protection against rootkit attacks, including Kernel Patch Protection, better known as PatchGuard. Digital signature enforcement for drivers is also an effective way to prevent rootkits from taking full control of your system.
Unfortunately, in June 2014, things changed: we’ve seen a surge in rootkit attacks. Rootkit attacks are now at a level unseen since 2011.
Why are rootkit attacks increasing in number?
The defenses that 64-bit systems established against rootkit attacks were thought to be virtually impenetrable barriers.
However, they turned out to be more like speed bumps for hackers. It took a couple of years, but today’s rootkit developers have found ways around PatchGuard and driver signature enforcement. Those “ways” include:
- Installing a digitally signed driver from a legitimate software/hardware developer, and then using a known exploit within that driver to gain access to the system
- Stealing code-signing certificates from legitimate companies and then using those certificates to hide malware. A hacker might break into Oracle’s servers, for example, steal a legitimate certificate, and then slap that certificate on the rootkit.
Using these methods is like giving the rootkit a full-body disguise. The PC sees the rootkit as a legitimate driver or software program. Underneath that disguise, however, is a devastating rootkit attack.
According to McAfee, there are now more than 25 million known samples of digitally-signed malware. That’s malware that looks legitimate to both antivirus software and Windows but is actually a huge threat to your system.
Targeting the Master Boot Record
The Master Boot Record (MBR) is one of the most important parts of your PC. The MBR is the first 512-byte sector of the hard drive, and it is read before any other part of the drive during the boot process.
Targeting the MBR lets the rootkit load itself from the very first moments you turn on your computer, before the operating system and its defenses are running.
That’s a huge problem, and one that leaves your computer with an infection that is extremely difficult to remove.
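Because the MBR has a fixed layout (446 bytes of boot code, four 16-byte partition entries, and the 0x55AA boot signature), a defender can hash the boot code and compare it against a baseline recorded on a clean system. The following is an added example, not code from the original article; it parses constructed sample sectors rather than reading a real disk, which would require raw device access.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot code
ENTRY_SIZE = 16               # four 16-byte partition entries follow at offset 446
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition table and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_SIZE + i * ENTRY_SIZE
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for an MBR; an empty list means it matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from the recorded baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected one bootable partition, found {len(bootable)}")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test data: one bootable NTFS-type (0x07) partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800) + b"\x00" * (3 * ENTRY_SIZE)
    return code + table + BOOT_SIGNATURE

CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # constructed clean baseline
CLEAN_BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90" * 4)               # constructed: same table, new boot code

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, CLEAN_BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, CLEAN_BASELINE))
```

Recording the baseline hash right after a clean install and re-checking it periodically turns an otherwise invisible boot-sector change into an alert.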
How to remove rootkits
McAfee likes to publicize rootkit statistics because it sells one of the best rootkit removal tools on the planet.
McAfee’s rootkit removal tool is free to download but not 100% effective against rootkits. You see, rootkits are built specifically to avoid removal. You might remove the top layer, but the root will remain.
The best defense against rootkits is to avoid them in the first place. Download PC Cleaner Pro, run antivirus software, and avoid visiting untrustworthy websites. If you do those 3 things, you’ll reduce your likelihood of downloading a rootkit by 99%.