What is the difference between Gootkit, Bootkit and Rootkit?

  • Gootkit is a trojan horse, first spotted in 2014.
  • Rootkit is a clandestine computer software designed to perform a wide range of malicious activities.

Having a clear understanding of how these three differ from one another is vital for making sense of the cyberthreat landscape. Here's a look at each.

Gootkit

  • Gootkit is a trojan horse, first spotted in 2014.
  • Its capabilities include infiltrating banking accounts, stealing credentials and manipulating online banking sessions.
  • The malware uses three main modules: the loader, the main module and the web injection module. The loader is the first stage of the trojan and sets up the persistent environment. The main module creates a proxy server that works in conjunction with the web injection module.
  • There is no single, defined propagation process for the malware. It spreads to targeted systems via phishing emails and exploit kits such as Neutrino, Angler and RIG.

Rootkit

  • Rootkit is a clandestine computer software designed to perform a wide range of malicious activities. These include modules that let attackers steal passwords and capture credit card or online banking information.
  • Rootkits can also give attackers the ability to disable security software and record keystrokes, making data theft easier for criminals.
  • There are five types of rootkits: hardware or firmware rootkits; bootloader rootkits; memory rootkits; application rootkits; and kernel-mode rootkits.
  • Rootkits spread across systems through phishing emails and infected mobile apps.

Bootkit

  • Bootkit is an advanced form of rootkit that targets the Master Boot Record (MBR), located on the physical motherboard of the computer.
  • A bootkit infection can cause system instability, resulting in a Blue Screen warning or an inability to boot the operating system.
  • Some bootkit infections display a warning and demand a ransom to restore the computer to an operational state.
  • The malicious software traditionally spread via bootable floppy disks and other bootable media. More recently it has been distributed bundled with a seemingly harmless software program, through phishing emails or as a free download. Alternatively, a bootkit can be installed by a malicious website that exploits vulnerabilities in the browser.