[ insider_reports_insider ]
Rootkits Pose Big 2007 Threat
David Utter
Staff Writer
2006-12-28
 Insider Reports RSS Feed
Escalating efforts to increase the capabilities of rootkits could lead to them becoming a greater presence on the computer security landscape.
 | | Rootkits Pose Big 2007 Threat |  |
Rootkits have not been very common, but when a machine has been rooted they are a complete pain in the gluteals to remove. They are nearly impossible to detect, and criminals have built modern ones that can evade the most common software methods of finding them.
Symantec's Vincent Weaver brings this and other less than cheerful news to security professionals everywhere. In a summary of threats in 2006, he noted the aggressive attacks will be more common in 2007.
Online fraud persists as a problem. Weaver said Symantec has observed about seven million phishing attempts per day taking place. Along with spam, phishes that incorporate VoIP or SMS as a component in their scams have been observed.
Zero-day exploits, attacks created upon revelation of a previously unknown vulnerability, also grew in number in 2006. Weaver said the average time to develop a patch for one took 31 days, compared to a three-day average to create an exploit.
When it comes to rootkits, the potential issue of security becomes even more daunting. Compared to typical viruses and worms, rootkits haven't been as numerous of a threat. That could be changing, as Weaver said his company has seen more mainstream adoption of rootkits as well as polymorphic threats.
Another Symantec staffer discussed rootkits, specifically the Rustock variants. Mimi Hoang wrote how the newest version of Rustock poses more of a problem than the first iteration:
The second version of Rustock, named Rustock.B, employs even more sophisticated techniques than its predecessor - the original Rustock.A. Its advanced rootkit techniques, unique way of system hooking, and use of a polymorphic dropper (combined with a spam component) allow it to hide from many antivirus and antispyware vendors, as well as bypass firewalls and many rootkit detectors.
Firewall evasion likely became more of a concern for criminals when Microsoft dropped a firewall into Windows XP. Threats that tried to hook into services open to the Internet were blocked by firewalls. A shift to application exploits, like those that target Microsoft Office or Internet Explorer, has taken place.
Already, exploits for the newest operating system, Vista, have been created. That OS becomes available to the consumer market next month. It won't be time for people, especially security pros, to relax.
---
Tag: Rootkits
Add to  Del.icio.us |  Digg |  Reddit |  Furl
Get all the updates - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
