Rootkits "Serious" Security Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
4/14/2005
02:14 PM
50%
50%

Rootkits "Serious" Security Problem

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert says.

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert said Thursday.

Rootkits, which hark back to Unix, are tools used by hackers to cover their tracks. Rootkits -- even the name comes from Unix, for it refers to the term for the OS's super-user, the root user -- can hide the existence of other malware on a computer by modifying file data, Windows registry keys, or active processes, all of which are used by malicious code detection software to spot worms, viruses, and spyware that's been installed on a PC.

They're commonly used by spyware writers who, after all, try to play as stealthy as possible, but they're now gaining popularity among virus writers, say some security analysts.

According to Panda Software's research director, rootkits for Windows are proliferating. " Even though they're not new, rootkits have re-emerged as a kind of malware that could let hackers discreetly carry out numerous malicious actions," said Luis Corrons in a statement. "In fact, we've seen that they're being used in combination with backdoors to take remote control of computers."

Microsoft, too, has picked up on the rootkit wave. Earlier this week, it released an updated version of its Windows Malicious Software Removal Tool, and for the first time, included a rootkit among the malware it seeks out and destroys.

Hackdef -- also known as Hack Defender -- and one of the most popular rootkits among hackers, "creates, alters, and hides Windows system resources on a computer that it has infected," said the Redmond, Wash.-based developer in its online brief. "[It] can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers."

"Hack Defender's a perfect example of a rootkit, and the trend of malicious code to conceal itself," said Ken Dunham, the director of malicious code research for Reston, Va.-based security intelligence firm iDefense.

"It's a little like a port knocker in that it doesn't open a new port, but monitors server traffic coming in on other ports, such as TCP port 80, which is used by Internet Explorer. "Good luck trying to figure out what's legitimate and what's not on port 80."

But Dunham's not as convinced as others that rootkits for Windows are that big of a deal. "I think it's a growing trend, but it's really hard to identify [the scope]. There just aren't a lot of stats."

He's a lot more sure of the success of that malware writers are having in cloaking their wares and covering their tracks. "Hackers are becoming very successful in concealing themselves."

Anti-virus firms, said Dunham, are at the front of the battle against rootkits, since by definition, AV software "has to detect before it can destroy, doesn't it?" Dunham noted.

Helsinki-based anti-virus vendor F-Secure, for instance, said that it's monitored posts on a spammer and virus writer blog where the author of Hacker Defender claims his rootkit as not only invisible to current AV software, but also to rootkit-specific detection tools, such as F-Secure's own Blacklight. The license for Hacker Defender, said F-Secure, costs about $500.

Blacklight, which is still in beta testing, is a rootkit detector and eliminator. Until May 1, the free beta can be downloaded from the F-Secure Web site.

It all, said Panda's Corrons, poses a "serious threat" to Windows users, at least in the short term.

In general, Dunham agreed. "As malicious code gets more complicated, it's harder to identify," he concluded.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll