Tuesday 18th April 2006
The rise of the rootkit threat 6:03PM, Tuesday 18th April 2006
Security company McAfee has highlighted the pitched battle between the security community and virus writing networks in its charting of the rise of rootkit threats.

Rootkits have boasted a high profile ever since Sony's ill-fated attempt at copy-protection stumbled when it was found to contain insecure rootkit technology that compromised the system upon which it was installed.

While it may have been the first time most of the public had heard of the term - which refers to code working at a low level, interacting directly with the operating system and invisible to the user and to other applications, including much security software - the infamy of the incident also took the fancy of virus writers the world over: rootkits are now big business on the virus underground.

McAfee's report claims that software for the creation of rootkits is changing hands for as much as $2,000 and that absolute numbers have risen alarmingly: some 400 per cent between 2004 and 2005. And the company predicts continued growth of 650 per cent every year for the next two to three years.

It says that rootkits themselves are also becoming increasingly sophisticated, and are used to hide more and more malicious components. Take the first quarters of 2005 and 2006: for the 2005 period, McAfee had 60-odd stealth components sent to it for analysis; roll on to the 2006 period and that figure rises to 612.

The reasons that rootkits are gaining so much attention are manifold. First, McAfee says that virus writers are attracted by the technical challenge of using rootkits - which were originally for manipulating Unix and Linux environments - for Windows, and says there is a range of unmapped APIs for writers to use in the system.

Second, there's money to be made: not only from selling rootkit 'kits', but also from the way they are used. Rootkits serve not only for direct attacks on a system, but also to hide components of adware and other potentially unwanted software, rendering them almost impossible to uninstall for most users, even if they are aware of them.

Third, says McAfee, the effect of collaboration between rootkit writers means that this form of attack is constantly moving forward. So much so, that the company cites 'collaboration' as 'largely to blame for the increased proliferation and complexity of rootkit components'.

Indeed, Finnish security company F-Secure was pretty much the first company with a widely available commercial anti-rootkit product, but that was as recently as March of last year.

Clearly, then, it will fall to the security community to be equally clubbable in order to keep up with this quickly evolving threat.

More information about McAfee is available on its website.
