
Kernel-Level Malware Rising High

The "kernel-level" label refers to the software's ability to run inside the operating system (OS) kernel, the component that connects the OS to the system's hardware. Traditional malware works like a regular application, operating on top of the OS.

Vnunet.com reported on February 23, 2007 that Kimmo Kasslin, a security researcher at F-Secure, described malware that can run exclusively in the kernel as a "scary thought" in a study. He further wrote that such malware would use and share all the resources used by the OS itself and contend with any security solutions defending the system's integrity against malicious activity.

The researcher cautioned that this trend could result in an "arms race" between malware and security software as the malicious software tries to escape detection. This "arms race" would eventually favor the code that operates nearest to the most basic functions of the OS.

Kasslin explained that no security software vendor that is serious about its business would take this path. But the world is full of proof-of-concept code and malware that does exactly this.

Kasslin reported that since 2005, malware writers have radically increased their use of kernel-level code. He estimates that researchers found approximately 2.63 new kernel malware families in every month of 2006.

Presently, kernel code is principally employed in rootkits that allow traditional malicious programs to operate undetected. But Kasslin stated that kernel-level code is set to take on a more important role in malicious attacks very soon.

An attacker can easily hide malware such as sniffers, keyloggers, and backdoors using a rootkit. Security experts anticipate a rise in kernel rootkits, which are particularly dangerous because they can be hard to discover without appropriate software.

Documentation with examples and complete working source code is easily available. It explains in detail how to write a kernel-mode rootkit.

Kasslin concluded that kernel malware is gaining popularity, mostly fuelled by high interest in rootkits, because more documentation and examples are available to the public. Existing security solutions, including firewalls and anti-virus scanners, were not designed to protect against kernel malware, and prevention is probably the only solution.

» SPAMfighter News - 3/5/2007
