Rootkits Grow In Remarkable Complexity
Rootkit complexity is growing at a remarkable rate, enabling malicious software to go deep and wide and remain undetected while holding on to Microsoft Windows programs, according to McAfee's security report.
Rootkits are stealthy malicious software that conceals files, processes and registry keys. Over the last few years, they have grown from 27 components to 2,400, according to McAfee's report, Rootkits Part 2: A Technical Primer.
Earlier, the trend was to use rootkit A, but now there are different rootkit components in different malware. Attackers now use the components in numerous ways to conceal their malware, said Dave Marcus, security researcher and communications manager for McAfee Avert Labs. Builderau.com.au published Marcus' statement on April 19, 2007.
McAfee's study indicates that the new rootkit techniques will remain a challenging area for security experts, because hackers are likely to design stronger and even more malignant breeds of malware that will be hard to detect and remove.
Attackers employ rootkits primarily to prevent their malicious software from being noticed. The malicious software could be spyware, a keylogger or similar malware capable of stealing sensitive and secret information from users' computers. The rootkits create a hidden folder or directory that is crafted to remain invisible to the users' operating system and security tools.
Marcus said security firms are increasingly designing anti-virus software to spot rootkits. The techniques used include memory scans in various locations on users' systems.
In the first three months of 2007, the number of rootkits McAfee Avert Labs received was 15 percent lower than in the first three months of 2006. This shows that McAfee was getting more successful at seizing existing families of rootkits and their techniques, said Jeff Green, senior vice president at McAfee Avert Labs. Itnews.com.au published Green's statement on April 19, 2007.
Rootkit techniques were first discovered in the first quarter of 2006, and they primarily included trojans that attempted to behave like rootkits. Now there are newer samples of rootkits from the existing families, whereas new families of malware that make use of rootkit techniques are diminishing.
» SPAMfighter News - 27-04-2007