Rootkits, Smarter Hackers Pose Growing Security Threats

If reports issued by several well-known anti-virus companies are on the money, IT administrators will continue to face new and sophisticated forms of malware that challenge the security industry’s ability to stay ahead of emerging threats.

Based on a new study released by software maker McAfee’s Avert Labs group, the technology used to cloak many different forms of malware, especially rootkits, is becoming increasingly complex and harder to detect.

Contributing to the issue, and to the continued maturation of malicious attacks on enterprise systems, is the growing tendency toward collaboration among hackers, according to the report.

McAfee said its research indicates that the use of so-called “stealth technologies” has jumped by over 600 percent during the last three years.

The number of rootkit attacks being reported to McAfee’s labs was up by 700 percent during the first quarter of 2006, compared with the same period in 2005.


A rootkit is used to modify the flow of a software program’s kernel to hide the presence of an attack on a machine. It gives a hacker remote user access to the compromised system while avoiding detection by anti-virus scanners.

“The growth has been extraordinary and the use of rootkits that we are seeing is far more complex than any examples we’ve seen in previous years; the stealth aspect of these attacks is making them very hard to find,” said Stuart McClure, senior vice president of global threats at McAfee, in Santa Clara, Calif.

“These technologies are so deeply embedded that even if you are able to remove them, you often destabilize a system quickly, and cleaning these things out remains enormously challenging,” McClure said.

Another aspect of the growing problem is that rootkits are increasingly being written to attack systems running on Microsoft’s Windows operating system. While rootkits previously troubled more Linux and Unix-based systems, McAfee said Windows-oriented rootkits increased by a staggering 2,300 percent between 2001 and 2005.

According to the research, that trend is spurred by both the desire to break into Microsoft’s proprietary software, and the fact that a larger number of machines run Windows, meaning more are available for attack.

McAfee contends that one of the primary drivers of the expanded proliferation and complexity of rootkits is growing collaboration among virus writers, including the misuse of materials published on resource Web sites dedicated to helping people fight the programs. Some of these sites, such as Rootkit.com, contain hundreds of lines of rootkit code and may be doing more harm than good, McClure said.

“The threats are constantly evolving; someone figures something out and within minutes it’s being distributed. The malware writers are getting much smarter and faster at sharing information and realizing the profit in this,” he said. “Rootkit.com and the others come off as wanting to educate the industry, but the problem is that posts on those Web sites are dropped directly into malware. These good guys are trying to regulate the information, but, unfortunately, it’s being misused.”

Read the full story on eWEEK.com: Rootkits, Smarter Hackers Pose Growing Security Threats