Rootkits "Serious" Security Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:14 PM

Rootkits "Serious" Security Problem

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert says.

The hacker equivalent of a cloak of invisibility may cause serious problems for users and anti-virus vendors, a security expert said Thursday.

Rootkits, which hark back to Unix, are tools used by hackers to cover their tracks. Rootkits -- even the name comes from Unix, for it refers to the term for the OS's super-user, the root user -- can hide the existence of other malware on a computer by modifying file data, Windows registry keys, or active processes, all of which are used by malicious code detection software to spot worms, viruses, and spyware that's been installed on a PC.

They're commonly used by spyware writers who, after all, try to play as stealthy as possible, but they're now gaining popularity among virus writers, say some security analysts.

According to Panda Software's research director, rootkits for Windows are proliferating. " Even though they're not new, rootkits have re-emerged as a kind of malware that could let hackers discreetly carry out numerous malicious actions," said Luis Corrons in a statement. "In fact, we've seen that they're being used in combination with backdoors to take remote control of computers."

Microsoft, too, has picked up on the rootkit wave. Earlier this week, it released an updated version of its Windows Malicious Software Removal Tool, and for the first time, included a rootkit among the malware it seeks out and destroys.

Hackdef -- also known as Hack Defender -- and one of the most popular rootkits among hackers, "creates, alters, and hides Windows system resources on a computer that it has infected," said the Redmond, Wash.-based developer in its online brief. "[It] can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers."

"Hack Defender's a perfect example of a rootkit, and the trend of malicious code to conceal itself," said Ken Dunham, the director of malicious code research for Reston, Va.-based security intelligence firm iDefense.

"It's a little like a port knocker in that it doesn't open a new port, but monitors server traffic coming in on other ports, such as TCP port 80, which is used by Internet Explorer. "Good luck trying to figure out what's legitimate and what's not on port 80."

But Dunham's not as convinced as others that rootkits for Windows are that big of a deal. "I think it's a growing trend, but it's really hard to identify [the scope]. There just aren't a lot of stats."

He's a lot more sure of the success of that malware writers are having in cloaking their wares and covering their tracks. "Hackers are becoming very successful in concealing themselves."

Anti-virus firms, said Dunham, are at the front of the battle against rootkits, since by definition, AV software "has to detect before it can destroy, doesn't it?" Dunham noted.

Helsinki-based anti-virus vendor F-Secure, for instance, said that it's monitored posts on a spammer and virus writer blog where the author of Hacker Defender claims his rootkit as not only invisible to current AV software, but also to rootkit-specific detection tools, such as F-Secure's own Blacklight. The license for Hacker Defender, said F-Secure, costs about $500.

Blacklight, which is still in beta testing, is a rootkit detector and eliminator. Until May 1, the free beta can be downloaded from the F-Secure Web site.

It all, said Panda's Corrons, poses a "serious threat" to Windows users, at least in the short term.

In general, Dunham agreed. "As malicious code gets more complicated, it's harder to identify," he concluded.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll