Rootkits do not signal impending doom for corporate IT, but companies need to keep up their defenses as the malware tools begin to spread, experts say.
Companies lining up to root out rootkits
The best way to deal with rootkits is to prevent infection in the first place - which is easier said than done. Besides maintaining traditional layers of security - firewalls, anti-virus software and patching - experts recommend locking down desktops to control software installation and operating system manipulation.
"Rootkits are not an end-of-the-world situation," says Rob Murawski, a member of the technical staff at Carnegie Mellon University's Software Engineering Institute CERT Coordination Center (CERT/CC) in Pittsburgh, Pa. "But it is an arms race between those that create rootkits and those that create detectors."
And that race is reaching a fever pitch. The number of rootkit attacks reported to McAfee labs in the first quarter of 2006 was up 700% compared with the same period in 2005, McAfee says.
A rootkit is malware that slips into a system and hides, and gives no indication that the system has been compromised. It can be used for any number of misdeeds, such as installing backdoors that can be used for remote access by hackers, or allowing a machine to be used as a staging point for attacks on other systems, according to CERT. Rootkits also can discover that security tools are looking for them and dodge detection.
While traditional malware tries to wreak as much havoc as possible, rootkits are being used to aim at focused targets, such as banks.
"What we've seen with rootkits is the transition from the notoriety-type virus writer to the for-profit virus writer," says David Frazer, director of technologies for F-Secure, which develops an anti-rootkit tool called BlackLight. "The more professional-type malware writers have R&D. They have external funding."
Those efforts are producing custom rootkits with unique signatures that automatic detection tools can't discover, because those tools rely on documented profiles of well-known rootkits such as Hacker Defender.