Security analysts have been predicting that kernel rootkits, which cloak their activity by replacing a portion of a program’s software kernel with modified code, are expected to continue to grow in frequency in 2007.
While rootkit-fighting technologies such as the PatchGuard kernel protection system built into 64-bit versions of Microsoft’s new Windows Vista operating system are arriving, most PC users will still be left open to the attacks over the next twelve months, CA has said, and even experienced PC users are vulnerable to their sophisticated techniques.
F-Secure Security Labs has been tracking and dissecting kernel malware for years; this form of attack was first spotted as far back as 1999, in the form of the WinNT/Infis attack.
F-Secure researcher Kimmo Kasslin has made the findings available in a paper titled “Kernel Malware: The Attack from Within” (a PDF) as well as in a slide show (also a PDF).
Read the full story on eWEEK.com: The Dissection of a Rootkit.
