Rootkits usually seek to divert system resources to some purpose other than that of the legitimate system owner. There are two types of rootkits, characterized by the location in which the kit operates:
User-level rootkits operate at the same layer as other applications, as a system user; they can sometimes be removed without requiring a system rebuild.
Kernel-level rootkits become part of the operating system kernel and are currently rarer than user-level kits because they are much more difficult to code; once installed, a kernel-level rootkit basically "owns" the system, so there is no reliable method to ensure that system control can be re-established.
Source: eWEEK Labs
Labs Technical Director Cameron Sturdevant can be reached at firstname.lastname@example.org.