What is the difference between Gootkit, Bootkit and Rootkit?
Having a clear understanding of how these three tools differ from each other is vital when it comes to the cyberthreat landscape. Here’s a look at it.
Gootkit
- Gootkit is a trojan horse, first spotted in 2014.
- Its capabilities include infiltration of banking accounts, stealing credentials and manipulating online banking sessions.
- The malware uses three main modules: the Loader, the Main Module and the Web Injection Module. The Loader is the first stage of the trojan and sets up the persistent environment. The Main Module creates a proxy server that works in conjunction with the new browser injection module.
- The malware has no single defined propagation process. It spreads to targeted systems through phishing emails and exploit kits such as Neutrino, Angler and RIG.
Rootkit
- A rootkit is clandestine computer software designed to perform a wide range of malicious activities. These include letting hackers steal passwords, as well as modules that make it easy to capture credit card or online banking information.
- A rootkit can also give attackers the ability to disable security software and record keystrokes, simplifying the stealing process for criminals.
- There are five types of rootkits: hardware or firmware rootkits, bootloader rootkits, memory rootkits, application rootkits and kernel-mode rootkits.
- Rootkits leverage phishing emails and infected mobile apps to propagate across systems.
Bootkit
- Bootkit is an advanced form of Rootkit that targets the Master Boot Record located on the physical motherboard of the computer.
- Infection by a bootkit can cause system instability and result in a Blue Screen warning or an inability to launch the operating system.
- Some bootkit infections may display a warning and demand a ransom to restore the computer to operational capacity.
- The malicious software usually spreads via bootable floppy disks and other bootable media. More recently, however, it has been distributed via a harmless software program, phishing emails or free downloads. Alternatively, a bootkit can also be installed via a malicious website that exploits vulnerabilities within the browser.