What is a rootkit?
A rootkit is a collection of files/programs used by attacker(s) to re-enter a network/computer without being detected. Normally a rootkit will come with various popular exploits to assist the attacker in re-entering a system. Recently, many of the exploits have been related to common vulnerabilities found in BIND, Linux line printer, and Washington University's FTP program.
In addition to the exploits, many rootkits also come with and install sniffers. This is done because attackers want to capture passwords from users logging in over the network; a sniffer can do this, and it is quite hard to detect. A rootkit can also change common binaries so that a busy administrator will not detect them.
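
As an added example (not part of the original text), here is a minimal defender-side check for the two behaviours described above: an interface left in promiscuous mode, which is one sign of a sniffer, and system binaries that no longer match a known-good hash. It assumes Linux, where /sys/class/net/<iface>/flags exposes the interface flags, and a baseline of SHA-256 hashes recorded on a known-clean system; the function names are illustrative.

```python
import hashlib
import os

IFF_PROMISC = 0x100  # Linux interface flag bit (linux/if.h)


def is_promiscuous(flags_text):
    """True if a /sys/class/net/<iface>/flags value has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Return the interfaces whose kernel flags show promiscuous mode."""
    found = []
    if not os.path.isdir(sysfs_root):
        return found
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, iface, "flags")) as fh:
                if is_promiscuous(fh.read()):
                    found.append(iface)
        except (OSError, ValueError):
            continue  # unreadable or malformed entry: skip it
    return found


def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def changed_binaries(baseline):
    """Compare files against a {path: sha256} baseline from a clean system."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
    return report


if __name__ == "__main__":
    print("promiscuous interfaces:", promiscuous_interfaces())
```

Because a rootkit can alter the tools and the kernel on the host being checked, keep the baseline offline and run checks like this from trusted media. A clean result from a running, possibly compromised system is not proof that it is clean.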