Sunday, July 30, 2006
Rooting Out The Rootkits
"It’s frustrating to read news reports about rootkits that avoid detection by antivirus software, especially when you’ve just spent a bundle on an Internet security suite that you thought was supposed to protect your system from all the creepy-crawlies on the net.
The christening is over; the newest baby in the rootkit world has been given two monikers, Backdoor.Rustock.A and Mailbot.AZ. But will this turn out to be Rosemary's Baby? That is the question uppermost in security researchers' minds.
Rustock.A is feared for the techniques it uses to hide its presence from the standard search methods used by anti-virus software. Rootkits are ferreted out by an anomaly in the number of running processes. The count is done twice by the protection and detection software, once at the high level and then at a level closer to the root. If there are no discrepancies between the two calculations, the application concludes that the system is free from rootkits.
But these stealthy infiltrators hide themselves by running their process deep within driver and kernel
How can we even possibly keep track? I have said it before: rootkits are insidious.
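The two-count check the quoted article describes is usually called cross-view detection: list processes the normal way, list them again by a lower-level route, and treat anything that shows up only in the second view as hidden. The script below is an added illustration of that idea for Linux and is not code from the article, from the post, or from any anti-virus product. It assumes a Linux /proc filesystem; the "high" view is the directory listing of /proc (what ps and top use) and the "low" view is a direct probe of every PID number with signal 0. The SAMPLE_HIGH and SAMPLE_LOW sets are constructed inputs, not real scan output. Two practical wrinkles are handled: threads also answer kill(), so only thread-group leaders are kept, and processes that start or exit between the two passes are re-checked before being reported.

```python
"""Cross-view process detection: diff a high-level process list against a
low-level probe of every PID. A rootkit that filters the listing but cannot
stop the kernel from answering a direct probe shows up as a PID present in
the second view and absent from the first.

Added example, not part of the original post. Assumes a Linux /proc.
"""
import os

# Constructed sample views (not real scan output) for the worked comparison:
# PID 1337 is alive in the low view but missing from the high view.
SAMPLE_HIGH = {1, 2, 100, 4242, 9000}
SAMPLE_LOW = {1, 2, 100, 1337, 4242, 9000}


def parse_tgid(status_text):
    """Return the Tgid field from /proc/<pid>/status text, or None if absent."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return None


def compare_views(high, low):
    """Diff two views. Returns (hidden, ghosts): PIDs alive but unlisted, and
    PIDs listed but not alive (usually processes that exited mid-scan)."""
    return sorted(set(low) - set(high)), sorted(set(high) - set(low))


def high_level_view():
    """Upper view: the directory listing of /proc, which is what ps/top use."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pid_alive(pid):
    """Probe one PID with signal 0: nothing is delivered, but the kernel tells
    us whether the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True


def low_level_view(max_pid=None):
    """Lower view: probe every PID number instead of asking for a list.
    Threads answer kill() too, so keep only thread-group leaders
    (Tgid == pid) or the diff would flag every thread as 'hidden'."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # assumed fallback when pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        if not pid_alive(pid):
            continue
        try:
            with open(f"/proc/{pid}/status") as f:
                tgid = parse_tgid(f.read())
        except OSError:
            tgid = None  # exited between probe and read, or status withheld
        if tgid is None or tgid == pid:
            alive.add(pid)
    return alive


def scan():
    """Run both views, then re-check each candidate so that processes which
    started or exited during the scan are not reported as hidden."""
    hidden, _ = compare_views(high_level_view(), low_level_view())
    listed_again = high_level_view()
    return [p for p in hidden if p not in listed_again and pid_alive(p)]


if __name__ == "__main__":
    print("sample diff (hidden, ghosts):", compare_views(SAMPLE_HIGH, SAMPLE_LOW))
    if os.path.isdir("/proc"):
        print("live scan, hidden PIDs:", scan())
```

Run it as root for the most complete picture; an unprivileged user still gets a usable result because EPERM on the probe is treated as "exists". Probing the full pid_max range (over four million on current kernels) takes a few seconds in Python. A clean machine should report an empty list; the live scan only catches rootkits that hide from /proc enumeration while still answering kill(), which is exactly the gap the quoted article says Rustock.A was built to close, so a clean result here is a necessary rather than sufficient sign of health.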