EC-Council Certified Ethical Hacker (CEH) Certification Practice Exam

Rootkits are stealthy malware that gain high privileges and hide themselves by tampering with the operating system and its essential utilities. By integrating with the OS—often at the kernel level—and by altering or replacing system binaries, drivers, and utilities, they can intercept system calls and conceal processes, files, registry entries, network connections, and other artifacts, all while maintaining persistence and control over the system. This breadth of capability is what makes the description that a rootkit can modify the operating system and the utilities of the target system the best fit.

In contrast, limiting modification to the network interface is too narrow, since rootkits can affect many parts of the system beyond the network. They are not antivirus software; rootkits are designed to evade detection and grant control, not protect the host. And while hiding files can be part of what they do, rootkits go further by concealing processes, memory, network connections, and by altering the behavior of system utilities to avoid detection.