Grrh! Rootkits are everywhere! (But not in my computers as far as I can tell…)

Man, this is just stupid. At first, malware were just simple programs that were a minor nuisance; then they started using the internet to do all sorts of (more annoying and malicious) things. Nowadays (alright, it's not like it's anything new…), malware creators are talking more and more frequently about gaining "root" access to systems using rootkits!
 
(For those of you who are not sure what a rootkit is, have a read of the rootkit page at Wikipedia.)
 
I mean, just this week, I’ve already heard 2 news items from my RSS feeds about rootkits being used – and that (I think…) is probably more than the number of traditional viruses released this week!  Here are the links to the 2 news items:
 
http://www.facetime.com/pr/pr051028.aspx – AIM worm using rootkit technology
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html – Sony (that’s right, SONY!) music’s DRM software
 
The worrying thing about rootkits (at least those that are coded properly…) is that once installed, they simply "disappear" into your system: they hook the calls applications make to the OS (directory enumeration being the obvious one) and strip their own entries out of the response before it reaches the calling application.  What this means is that if you do a simple directory listing on a machine "infected" with a rootkit, you won't see the rootkit's files, because the listing handed back to you has already been edited by the rootkit!
 
Yes, I know some anti-virus software companies are rolling out products to defend against such attacks (for example, F-Secure's BlackLight), but unless such software is already installed and watching when the rootkit installs itself, a traditional scan run from inside the infected OS cannot be trusted to detect or remove it: the scanner asks the OS for the very same file listings the rootkit is filtering.  The only way to determine definitively whether you are infected is to take a complete directory listing while the system is on-line and compare it with a listing of the same disk taken offline (by booting another, clean OS and listing the disk from there); anything that shows up offline but not on-line is being hidden from you.
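To make the two halves of that concrete, here is an added example (it is not code from the original post, nor from any of the products linked above). It simulates the "altered response" a file-hiding rootkit gives to a directory listing, and then performs the on-line versus offline comparison described above as a cross-view diff. The hidden-name prefix `$sys$`, the sample file names and the function names are all assumptions made for this example; the "offline" view is simply an unfiltered listing of the same scratch directory, standing in for a listing taken from a clean boot.

```python
import os
import tempfile

# Constructed for this example: the filename prefix our simulated rootkit hides.
# (An assumption of the example, not a value taken from the post.)
HIDDEN_PREFIX = "$sys$"


def hooked_listdir(path, hidden_prefix=HIDDEN_PREFIX):
    """What a file-hiding rootkit makes a directory listing look like.

    A real rootkit hooks the OS call (e.g. the directory-enumeration API) so
    every application receives a filtered answer. Here the hook is simulated:
    call the real enumeration, then drop the entries the rootkit is protecting
    before handing the result back to the caller.
    """
    real_entries = os.listdir(path)
    return [name for name in real_entries if not name.startswith(hidden_prefix)]


def offline_listdir(path):
    """The listing you get after booting a clean OS and reading the same disk:
    no hook is in the way, so every entry comes back."""
    return os.listdir(path)


def cross_view_diff(online_listing, offline_listing):
    """Compare the two views of one directory.

    Returns (hidden, phantom):
      hidden  - names the clean (offline) view has but the on-line view lacks;
                this is the signature of something hiding from the running OS.
      phantom - names only the on-line view has; not a rootkit sign by itself
                (e.g. a file created between the two listings), but worth reporting.
    """
    online, offline = set(online_listing), set(offline_listing)
    return sorted(offline - online), sorted(online - offline)


def run_demo():
    """Build a scratch directory with a few constructed files, take both
    views of it and diff them. Returns a dict so the result can be checked."""
    with tempfile.TemporaryDirectory() as scratch:
        # Constructed sample files: two ordinary files and two the "rootkit" hides.
        for name in ("notes.txt", "photo.jpg", "$sys$driver.sys", "$sys$config.dat"):
            with open(os.path.join(scratch, name), "w") as fh:
                fh.write("sample data\n")

        online = hooked_listdir(scratch)      # view from the infected, running OS
        offline = offline_listdir(scratch)    # view from the clean boot
        hidden, phantom = cross_view_diff(online, offline)

    return {
        "online": sorted(online),
        "offline": sorted(offline),
        "hidden": hidden,
        "phantom": phantom,
    }


if __name__ == "__main__":
    result = run_demo()
    print("on-line view :", result["online"])
    print("offline view :", result["offline"])
    for name in result["hidden"]:
        print("HIDDEN from the running OS:", name)
    if not result["hidden"]:
        print("no hidden entries: the two views agree")
```

The point of the comparison is that it never trusts the answer the infected OS gives on its own; the offline listing only counts as ground truth because it was taken from an OS the rootkit never loaded into. The same comparison, with the "clean" view obtained by reading the disk underneath the hooked API, is what the cross-view rootkit detectors do from inside the running system.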
 
So yeah, it's scary to think that such attacks are so difficult to detect and clean up, and it's even more scary to think OS vendors allow such an attack vector in the first place!
 

As usual, for those of you who are interested, here are some links you might also find useful:
http://www.grc.com/SecurityNow.htm – Security Now!  Audiocast (I hate the term "Podcast"! – in fact, I hate iPods!) – I think it's a must listen for anyone who is even remotely interested in general computer security.
 