Symantec Security Response defines a rootkit as follows :
A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine.
The term “rootkits” originally referred to a modified set of commonly used UNIX utilities such as
netstat. These kits were trojaned copies of original programs used by attackers to hide their traces on a victim machine. Once the victim machine was compromised, the attacker used these kits to replace original programs. The modified versions hide specific system information such as processes, files, ports, registry, and disk space related to the rootkit, thereby concealing the presence of the ...