Rootkits "Serious" Security Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:14 PM

Rootkits "Serious" Security Problem

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert says.

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert said Thursday.

Rootkits, which hark back to Unix, are tools used by hackers to cover their tracks. Rootkits -- even the name comes from Unix, for it refers to the term for the OS's super-user, the root user -- can hide the existence of other malware on a computer by modifying file data, Windows registry keys, or active processes, all of which are used by malicious code detection software to spot worms, viruses, and spyware that's been installed on a PC.

They're commonly used by spyware writers who, after all, try to play as stealthy as possible, but they're now gaining popularity among virus writers, say some security analysts.

According to Panda Software's research director, rootkits for Windows are proliferating. " Even though they're not new, rootkits have re-emerged as a kind of malware that could let hackers discreetly carry out numerous malicious actions," said Luis Corrons in a statement. "In fact, we've seen that they're being used in combination with backdoors to take remote control of computers."

Microsoft, too, has picked up on the rootkit wave. Earlier this week, it released an updated version of its Windows Malicious Software Removal Tool, and for the first time, included a rootkit among the malware it seeks out and destroys.

Hackdef -- also known as Hack Defender -- and one of the most popular rootkits among hackers, "creates, alters, and hides Windows system resources on a computer that it has infected," said the Redmond, Wash.-based developer in its online brief. "[It] can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers."

"Hack Defender's a perfect example of a rootkit, and the trend of malicious code to conceal itself," said Ken Dunham, the director of malicious code research for Reston, Va.-based security intelligence firm iDefense.

"It's a little like a port knocker in that it doesn't open a new port, but monitors server traffic coming in on other ports, such as TCP port 80, which is used by Internet Explorer. "Good luck trying to figure out what's legitimate and what's not on port 80."

But Dunham's not as convinced as others that rootkits for Windows are that big of a deal. "I think it's a growing trend, but it's really hard to identify [the scope]. There just aren't a lot of stats."

He's a lot more sure of the success of that malware writers are having in cloaking their wares and covering their tracks. "Hackers are becoming very successful in concealing themselves."

Anti-virus firms, said Dunham, are at the front of the battle against rootkits, since by definition, AV software "has to detect before it can destroy, doesn't it?" Dunham noted.

Helsinki-based anti-virus vendor F-Secure, for instance, said that it's monitored posts on a spammer and virus writer blog where the author of Hacker Defender claims his rootkit as not only invisible to current AV software, but also to rootkit-specific detection tools, such as F-Secure's own Blacklight. The license for Hacker Defender, said F-Secure, costs about $500.

Blacklight, which is still in beta testing, is a rootkit detector and eliminator. Until May 1, the free beta can be downloaded from the F-Secure Web site.

It all, said Panda's Corrons, poses a "serious threat" to Windows users, at least in the short term.

In general, Dunham agreed. "As malicious code gets more complicated, it's harder to identify," he concluded.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll