Rootkits alarmingly on the march

Aug 23, 2005: Rootkits are becoming more popular because their source code is increasingly available on the Internet, but analysts from Kaspersky Lab believe they can be combated.

Analysts from Kaspersky Lab, which develops anti-virus software, have released a report explaining why rootkits are on the march.

A rootkit is a set of programmes that allows an attacker to keep access to a computer after compromising it while concealing that access. Rootkits are usually invisible to the user and run undetected by antivirus programmes.

The analysts, Alexey Monastyrsky, Konstantin Sapronov and Yury Mashevsky, explain in the report that it is relatively easy for virus writers to make small modifications to rootkit source code, which is more openly available on the Internet than ever before.

"Another factor which influences the increased use of rootkits is the fact that most Windows users use the administrator's account, rather than creating a separate user account. This makes it much easier to install a rootkit on the victim machine."

The analysts say that although it is impossible to give universal guidelines for detecting rootkits, two practices are worth following.

"1. Investigating atypical file behaviour, use of network resources, launching of tasks on schedule and on reboot, and monitoring user accounts.
2. Using the following utilities, which can help to detect the presence of a rootkit in the system: Saint Jude, chkrootkit, RkScan, Carbonite, Kstat, Rootkit Hunter, Tripwire and Samhain."

"All the methods for detecting active rootkits depend on the fact that they disrupt system functioning in one way or another. It will be more difficult to write rootkits for future versions of Windows, where it is impossible to modify system code and the system architecture. This step taken by the developers of the operating system should reduce, if only temporarily, the number of new rootkits for new versions of Windows."
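The detection guidelines above rest on the point made in the last quote: a rootkit hides something by filtering one path through the system, and the hidden item usually still shows up through another. As an added example, not code from the Kaspersky report or from any of the tools it names, the following Python script applies that cross-view idea to processes on a Linux host. It compares the PIDs returned by a directory listing of /proc (the view a rootkit typically filters) with the PIDs found by probing every PID with kill(pid, 0), discards thread IDs (which never appear in the listing but do answer the probe) and PIDs that exited between the two views, and reports what remains. The constructed sample data, the function names and the pid_max fallback of 32768 are assumptions made for this example.

```python
"""Cross-view hidden-process check for Linux.

A rootkit that hides a process typically filters the directory listing of
/proc (the getdents system call) but leaves other paths, such as
kill(pid, 0) and stat("/proc/<pid>"), untouched.  Comparing the two views
exposes that inconsistency.  Constructed sample data (below) lets the
module run anywhere; the live functions gather real data on Linux.
"""
import os


def listed_pids():
    """View 1: PIDs as the (hookable) directory listing of /proc reports them."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probed_pids(max_pid=None):
    """View 2: probe every PID with kill(pid, 0); signal 0 checks existence only.

    Reads pid_max from /proc/sys/kernel/pid_max (assumed fallback: 32768).
    Probing a modern pid_max of 4194304 takes a few seconds in Python.
    """
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except (OSError, ValueError):
            max_pid = 32768
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:      # ESRCH: no such process
            continue
        except PermissionError:         # EPERM: exists, owned by someone else
            pass
        found.add(pid)
    return found


def tgid_of_live(pid):
    """Thread-group id from /proc/<pid>/status, or None if the PID vanished.

    Threads answer kill(tid, 0) and stat("/proc/<tid>") but never appear in
    readdir("/proc"), so they must not be reported as hidden.
    """
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None


def hidden_pids(listed, probed, tgid_of):
    """PIDs present in the probe view but absent from the listing view.

    tgid_of(pid) returns the thread-group id, or None when the PID is gone;
    thread IDs (tgid != pid) and vanished PIDs are discarded, leaving only
    PIDs that one view hides and the other still shows.
    """
    suspects = set()
    for pid in probed - listed:
        tgid = tgid_of(pid)
        if tgid is None or tgid != pid:
            continue
        suspects.add(pid)
    return suspects


def scan_live():
    """Cross-view check on the running host.

    The listing is taken before and after the probe; a PID counts as hidden
    only if both listings miss it, which filters out processes that were
    created while the probe was running.
    """
    before = listed_pids()
    probed = probed_pids()
    after = listed_pids()
    return hidden_pids(before | after, probed, tgid_of_live)


# Constructed sample (not real data): PID 4 has been filtered out of the
# listing, while 5 is a thread belonging to process 3, not a hidden process.
SAMPLE_LISTED = {1, 2, 3}
SAMPLE_PROBED = {1, 2, 3, 4, 5}
SAMPLE_TGID = {1: 1, 2: 2, 3: 3, 4: 4, 5: 3}


def demo():
    """Cross-view check on the constructed sample; returns {4}."""
    return hidden_pids(SAMPLE_LISTED, SAMPLE_PROBED, SAMPLE_TGID.get)


if __name__ == "__main__":
    print("sample hidden PIDs:", sorted(demo()))
    if os.path.isdir("/proc/1"):
        print("live hidden PIDs:", sorted(scan_live()))
```

Run it as root so that kill(pid, 0) and /proc/<pid>/status answer for every process; a non-empty live result is a lead to investigate, not proof on its own. The limit the report points to applies here as well: a kernel rootkit that filters the task list itself, or that hooks getdents, kill and stat consistently, disrupts nothing this script can observe, which is why utilities such as chkrootkit and Rootkit Hunter combine several cross-view checks with signature and file-integrity tests, and why a view taken from outside the running system remains the stronger check.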

The analysts closed by saying that malicious code for Windows is more common than for UNIX because Windows is the most widely used operating system. However, they believe that if UNIX starts to gain popularity, then the situation will naturally change; new rootkits for UNIX will be written, and new methods of combating them will be developed.
