Rootkits and free utility to identify them in Win XP


By comp1man


According to Wikipedia, a rootkit is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder maintain access to a system while avoiding detection. Rootkits are known to exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows.

Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

The word "rootkit" came to public awareness in the 2005 Sony BMG CD protection scandal, in which Sony BMG music CDs surreptitiously placed a rootkit on Microsoft Windows PCs when the CD was played on the computer. Sony made no mention of this on the CD or its packaging, referring only to security rights management measures.

Although a rootkit's purpose is to hide files, network connections, memory addresses or registry entries from other programs, it is usually bundled with other components that serve other purposes. It is important to note that the utilities bundled with a rootkit may be malicious in intent, but a rootkit is essentially a technology; it may be used for both productive and destructive purposes. Rootkits often use "backdoors" to help the attacker access the system more easily. One example is a rootkit hiding an application that presents a shell when an attacker connects to a particular network port on the system. A backdoor may also allow processes started by a non-privileged user to execute functions normally reserved for the superuser. All sorts of other tools useful for abuse can be hidden using rootkits, including tools for further attacks against the computer systems the compromised system communicates with, such as sniffers and keyloggers, as well as denial-of-service tools and tools that relay chat sessions and e-mail spam. A major use of rootkits is allowing the programmer of the rootkit to see and access user names and log-in information for sites that require them; the programmer of the rootkit can store unique sets of log-in information from many different computers. This makes rootkits extremely hazardous, as it allows trojans to access this personal information while the rootkit covers it up.

Rootkits are not always used to attack and gain control of a computer. Some software uses rootkit techniques to hide from third-party scanners in order to prevent detection or tampering; some emulation software and security software is known to use rootkits.

Hook Explorer is a free utility for identifying rootkits. Hook Explorer can tell you whether a file has hidden itself behind a legitimate program, a trick that sometimes fools firewall software. A file hooked into the Windows program winlogon.exe, for example, could record your keystrokes as you type your system password, and if you tried to kill the winlogon process you would crash your system. Hook Explorer detects IAT and Detours-style hooks, and it allows the user to whitelist items known to be safe.

Details and downloads available at http://labs.idefense.com/files/labs/releases/previews/HookExplorer/

(Cut and paste the URL.)
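As an added illustration (my own code, not Hook Explorer's and not from the original hub), the two checks named above run over constructed sample data: an IAT slot that no longer points into the DLL exporting the function, and a function entry whose first instruction jumps outside its module, including the hot-patch form Detours uses on Microsoft's `mov edi, edi` prologues. The module ranges, entry addresses and prologue bytes are made up for the example.

```python
import struct
# Constructed module ranges for the example: name -> (image base, image end).
MODULES = {"kernel32.dll": (0x7C800000, 0x7C8F6000), "user32.dll": (0x7E410000, 0x7E4A1000)}

def owner(addr):
    """Module whose image contains addr; None means memory no module backs."""
    for name, (lo, hi) in MODULES.items():
        if lo <= addr < hi:
            return name
    return None

def iat_hooks(iat):
    """IAT check: each slot ("dll!Function" -> pointer) should point into the
    DLL that exports the function. Returns the slots that do not."""
    return [(sym, ptr, owner(ptr)) for sym, ptr in iat.items()
            if owner(ptr) != sym.split("!")[0]]

def inline_hook_target(entry, code, pad=b""):
    """Detours-style check: code = bytes at the function entry, pad = bytes just
    before it. Returns the destination if the first instruction is a jmp, handling
    the hot-patch form (short jmp back into pad, where a jmp rel32 was written)."""
    if len(code) >= 5 and code[0] == 0xE9:            # jmp rel32 over the prologue
        return entry + 5 + struct.unpack_from("<i", code, 1)[0]
    if len(code) >= 2 and code[0] == 0xEB:            # jmp rel8 (hot-patch stub)
        dest = entry + 2 + struct.unpack_from("<b", code, 1)[0]
        off = len(pad) - (entry - dest)               # index of dest inside pad
        if 0 <= off <= len(pad) - 5 and pad[off] == 0xE9:
            return dest + 5 + struct.unpack_from("<i", pad, off + 1)[0]
        return dest
    return None

def inline_hooks(functions):
    """functions: (name, entry, code, pad); flags entries whose first jmp leaves the owning module."""
    found = []
    for name, entry, code, pad in functions:
        target = inline_hook_target(entry, code, pad)
        if target is not None and owner(target) != owner(entry):
            found.append((name, target))
    return found

# Constructed sample: one clean IAT slot, one redirected into unbacked memory.
SAMPLE_IAT = {"kernel32.dll!CreateFileW": 0x7C810976, "kernel32.dll!ReadFile": 0x00A21000}
E1, E2, E3 = 0x7E4507EA, 0x7C801A24, 0x7E41F3C0   # constructed function entry addresses
SAMPLE_FUNCS = [
    ("user32.dll!MessageBoxW", E1, b"\x8b\xff\x55\x8b\xec", b"\x90" * 5),  # clean prologue
    ("kernel32.dll!CreateFileW", E2,                                        # jmp rel32 at entry
     b"\xe9" + struct.pack("<i", 0x00A21010 - (E2 + 5)), b"\x90" * 5),
    ("user32.dll!GetMessageW", E3, b"\xeb\xf9\x55\x8b\xec",                 # hot-patch: EB F9 -> pad
     b"\xe9" + struct.pack("<i", 0x00A21020 - E3)),
]
```

On a real system the same logic runs over the process's import tables and the first bytes of each exported function, with the module ranges taken from the loaded-module list.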
