7% of PC Infections Caused by Rootkits, Says Microsoft
The Microsoft Malware Protection Center stated in a blog post dated January 8, 2010 that around 7% of the infected PCs the company came across were found to carry low-level rootkits.
A rootkit is a special type of malware that installs itself at a very low level of a system, in some cases below the operating system, in order to deceive it. To stay hidden from anti-malware tools, a rootkit intercepts operating system calls. According to security experts, detecting rootkits is genuinely difficult.
The blog post discusses the most widespread rootkit families, among them Cutwail, Hupigon, Alureon and Rustock. Alureon alone accounted for over 60% of the rootkits Microsoft detected. Cutwail also showed sizeable numbers, Hupigon and Rustock were detected in noticeable numbers, and the remainder made up a small share.
However, when considering threats that attempted to run and were blocked, experts find a different list, in which Rustock and Bagle emerge as the dominant rootkits.
Besides this, the company also listed some of the locations where rootkits typically install their files. Rootkits use predetermined locations on disk to conceal their malicious binaries. Windows may show nothing unusual in these places; however, a thorough anti-rootkit scan can expose the concealed threats and take the required action, Microsoft's post revealed.
Rootkits now frequently modify the Windows kernel in order to activate and begin hiding on a PC. Microsoft security researchers examined the kernel on systems running full anti-malware software, looking for signs of tampering by rootkits, and found that an alarming number of systems had an infected kernel.
Looking deeper into the results, the researchers found that the Windows kernel is being tampered with by a large amount of software, for various reasons. Most of this software is not itself malicious, but modifying the kernel can cause system instability and gives rootkits an easy opportunity to conceal themselves.
Finally, security experts advised that the best option is to follow good security practices and remove rootkits before they hide, because once installed, rootkits prove extremely difficult to eliminate.
SPAMfighter News - 18-01-2010