Rising Kaka Security Forum, General Entertainment area, Rising Teahouse

[Computer Vocabulary] Something you can't afford to ignore when using a computer: Rootkit

Heh, I have a request: I'll first introduce what a Rootkit is, and once someone has translated it, I'll go on to describe its functions, uses, types and how to remove it.
A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows.

The rootkit concept is the dominant controversial aspect of the 2005 Sony CD copy protection controversy, which has made the previously obscure concept of a rootkit much more widely known in the technology community, and to the general public.
Last edited 2006-09-20 22:07:22
 

Quote:
[toshiakiw's post] A rootkit is a set of software tools used by a third party (usually an intruder) after gaining access to a computer system.
...


Well done! Thank you.
Now, the next part:

Functions of a rootkit

    A rootkit typically hides logins, processes, files, and logs and may include software to intercept data from terminals, network connections, and the keyboard. In many instances, rootkits are counted as trojan horses.

Uses of rootkits

    A rootkit is often used to hide utilities used to abuse a compromised system. These often include so called "backdoors" to help the attacker subsequently access the system more easily. For example, the rootkit may hide an application that spawns a shell when the attacker connects to a particular network port on the system. Kernel rootkits may include similar functionality. A backdoor may also allow processes started by a non-privileged user to execute functions normally reserved for the superuser. All sorts of other tools useful for abuse can be hidden using rootkits. This includes tools for further attacks against computer systems the compromised system communicates with such as sniffers and keyloggers. A common abuse is to use a compromised computer as a staging ground for further abuse. This is often done to make the abuse appear to originate from the compromised system or network instead of the attacker. Tools for this can include denial-of-service attack tools, tools to relay chat sessions, and e-mail spam attacks.

 

Quote:
[endurer's post] Thanks...

Study....


Why not have a try?
 

Well, thank you very much for taking great trouble to make us know something about how a rootkit, a kind of trojan horse, works. It is sure to help us protect our computers from the attacks against which you have just warned us.

 

Now, I suppose, many members here might be interested in what the following is about.

Types of rootkits

Basic types
Rootkits come in two different flavours, kernel and application level kits. Kernel level rootkits add additional code and/or replace a portion of kernel code with modified code to help hide a backdoor on a computer system. This is often accomplished by adding new code to the kernel via a device driver or loadable module, such as Loadable Kernel Modules in Linux or device drivers in Microsoft Windows. Kernel rootkits commonly patch, hook, or replace system calls with versions that hide information about the attacker. Application level rootkits may replace regular application binaries with trojanized fakes, or they may modify the behavior of existing applications using hooks, patches, injected code, or other means. Kernel rootkits can be especially dangerous because they can be difficult to detect.

Examples
FU Rootkit
SuckIT
T0rn
Ambient's Rootkit (ARK)
Hacker Defender
...

*** I just expect another member to help us out. Thank you first.
 

Quote:
[迷惘的电脑迷's post]
I'm not much of a translator; I hope the expert FIGHTOUT can provide a correct version for everyone's reference.


Actually, you are better at translating computer-related text than I am. Thank you for your translation.
 

Quote:
[欧虫's post]

At first I translated kernel rootkits as "kernel-level rootkits" and application rootkits as "application-level rootkits" (though when I checked later, some people call the latter Trojans).

Also, "kernel" in several places above can be understood as the system kernel.

One correction here:
"such as Loadable Kernel Modules in Linux or device drivers in Microsoft Windows." The member above got these reversed; it should be: for example, loadable modules in Linux and device drivers in Windows.



Thank you.
Now, I suppose some members might be interested in how to detect rootkits, and I'd like to offer a description of it. When it has been translated, you'll be told how to remove rootkits.



Detecting rootkits

There are inherent limitations to any program that attempts to detect rootkits while those programs are running under the suspect system. Rootkits are suites of programs which modify many of the tools and libraries upon which all programs on the system depend. Some rootkits modify the running kernel (through loadable modules on Linux and many other forms of UNIX, and possibly through VxDs, virtual external drivers, on MS Windows platforms). The fundamental problem with rootkit detection is that the operating system currently running cannot be trusted. In other words, actions such as requesting a list of all running processes or a list of all files in a directory cannot be trusted to behave as intended by the original designers.

The best and most reliable method for rootkit detection is to shut down the computer suspected of infection and check its storage by booting from an alternative medium (e.g. rescue CD-ROM, USB stick). A non-running rootkit cannot hide its presence, and most established antivirus programs will identify rootkits armed via standard OS calls (which are supposedly doctored by the rootkit) and lower-level queries, which ought to remain reliable. If there is a difference, the presence of a rootkit infection can be assumed. Rootkits try to protect themselves by monitoring running processes and suspending their activity until the scanning has finished, as non-stealthy malware will not be identified by rootkit scanners.

Security vendors envision a solution by integrating rootkit detection into traditional antivirus products. Should a rootkit decide to hide during the scan process, it will be identified by the stealth detector. If it decides to temporarily unload from the system, the traditional antivirus will find it using fingerprint detection. This combined defence may force attackers to implement counter-attack mechanisms (so-called retro routines) in their rootkit code that will forcibly remove security software processes from memory, effectively killing the antivirus program. As with computer viruses, the detection and elimination of rootkits will be an ongoing struggle between the creators of the tools on both sides of this conflict.

There are several programs available to detect rootkits. On Unix-based systems, two of the most popular of these are chkrootkit and rkhunter. For the Windows platform, a stealth scanner free for personal use, named Blacklight, is available in beta on F-Secure's website. Another Windows detector is Rootkit Revealer from Sysinternals. It will detect all current rootkits by comparing the results from the OS to the actual listing read from the disk itself. However, some rootkits started to add this particular program to a list of files it does not hide from. So in essence, by removing the differences between the two listings, the detector doesn't report them. However, renaming the rootkitrevealer.exe filename to a random name defeats this. These features are also included in the latest Rkdetector release.
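The "compare two views" idea the post attributes to Rootkit Revealer, applied to the process list instead of the file system, as an added example that is not part of the original post and not the code of any tool named above. It assumes a Linux host with /proc mounted: one view is the directory listing of /proc (the path a rootkit typically hooks), the other asks the kernel about every PID directly with kill(pid, 0); a PID that answers the probe but is absent from the listing is a candidate hidden process.

```python
import os

def listed_pids(proc_dir="/proc"):
    """View 1: PIDs the OS reports when asked to list /proc (the readdir path a rootkit typically hooks)."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}

def tgid_of(pid, proc_dir="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"{proc_dir}/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def probed_pids(max_pid, proc_dir="/proc"):
    """View 2: ask the kernel about each PID with kill(pid, 0), which sends no
    signal but still answers 'exists' or 'no such process'. Threads answer too,
    so a PID whose Tgid is another process is dropped; an unreadable status
    file is kept, because hiding it would itself be suspicious."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue                  # ESRCH: no such process
        except PermissionError:
            pass                      # EPERM: exists, owned by another user
        if tgid_of(pid, proc_dir) in (pid, None):
            found.add(pid)
    return found

def hidden_pids(probed, *listings):
    """PIDs the direct probe found but no listing contained. Pass listings
    taken before and after the slow probe so processes that merely started
    or exited in between are not reported."""
    return probed - set().union(*listings)

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:   # upper bound for the probe
        max_pid = int(f.read())
    before = listed_pids()
    probed = probed_pids(max_pid)
    after = listed_pids()
    for pid in sorted(hidden_pids(probed, before, after)):
        print(f"PID {pid} answers kill(pid, 0) but is absent from the /proc listing")
```

Run it as root so that EPERM does not mask anything; a hit is a lead to confirm from an offline boot, as the post recommends, not proof by itself.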
 

Well, the next post is "Removing rootkits".
Interested?
 

Come here often. It will be translated by someone here sooner or later.
 

Quote:
[茶农's post] Learned something.


Welcome here.