Microsoft exec warns of rootkits

By Ellen Messmer , Network World , 04/10/2006

ORLANDO - If your system gets infiltrated by a rootkit, you might as well just "waste the system entirely," a Microsoft official told fellow security professionals last week at the annual InfoSec Conference here.

Microsoft's Mike Danseglio, program manager in the company's security solutions group, was among a host of security experts from big-name companies who swapped advice about protecting networks with 1,700 showgoers.

According to Danseglio, the hacker rootkit is "probably the nastiest piece of malware you'll get," because it is designed to stealthily hide unwanted files, or any other sign that a computer has been compromised.

Microsoft dedicates four staffers to analyze rootkit samples found in customer computers or on the Internet. In his presentation, Danseglio offered a list of the most-wanted rootkits (see graphic), adding that 90% of what Microsoft finds relates to Hacker Defender, a rootkit from the Czech Republic-based programmer who calls himself Holy Father. The programmer charges several hundred dollars to make Gold versions of his basic rootkit.

Writing rootkits isn't a crime, but using them to hide code in a computer that's been hacked by other means is, Danseglio said. Holy Father last month indicated he's retiring from his Web site business, leading some to speculate that he's been hired for some purpose somewhere.

According to Danseglio, rootkits have been embedded in many networks, with college campuses especially hard-hit. The University of Washington has become notorious for its students using rootkits to hide pornography and music on the university's servers, he said.

Danseglio offered a list of tools, including a few from Microsoft, that can detect rootkits. But he said there are no simple ways to address the menace. "There are no rootkit-resistant operating systems," Danseglio said.
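One of the Microsoft tools on Danseglio's list, the File Checksum Integrity Verifier, works by comparing file hashes against a baseline recorded while the system was believed clean. The script below is an added example of that baseline-and-compare approach, not code from Microsoft or from any tool named in the article; the directory tree, file names and contents it scans are constructed for the demonstration. It also carries the caveat behind Danseglio's "no rootkit-resistant operating systems" remark: a kernel-mode rootkit on the live machine can hook the file-enumeration APIs so that a scanner never sees the hidden files, which is why a check like this belongs on bootable media that inspects the suspect disk offline.

```python
"""Baseline-and-compare file integrity check, in the style of Microsoft's
File Checksum Integrity Verifier (FCIV).

Added example for this article; not code from Microsoft or from any tool
Danseglio listed. Take a SHA-256 baseline while the system is believed
clean, store it off the machine, and later compare a fresh scan against it.
The directory tree and file names below are constructed so the script runs
offline; they are not real system files.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (as a POSIX relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files modified, added or removed since the baseline was taken.

    Caveat: this only sees what the running kernel's file APIs report. A
    kernel-mode rootkit that hooks those APIs can keep its files out of
    'current' entirely, so the scan belongs on bootable media that mounts
    the suspect disk offline, not on the live system.
    """
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        drivers = root / "system32" / "drivers"
        drivers.mkdir(parents=True)
        (root / "system32" / "ntoskrnl.exe").write_bytes(b"kernel image (constructed)")
        (drivers / "tcpip.sys").write_bytes(b"network driver (constructed)")
        (root / "setupapi.log").write_bytes(b"install log (constructed)")

        # Baseline taken while clean; in practice store it off the machine.
        stored = json.dumps(build_baseline(root))

        # Simulated compromise: a patched driver, a dropped rootkit driver,
        # and a deleted log. 'hidden.sys' is a made-up name for the example.
        (drivers / "tcpip.sys").write_bytes(b"network driver (constructed, patched)")
        (drivers / "hidden.sys").write_bytes(b"rootkit driver (constructed)")
        (root / "setupapi.log").unlink()

        return compare(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the three change sets for the constructed tree. Against a real disk the baseline must be generated and stored somewhere the suspect machine cannot reach, and the later scan run from trusted boot media, otherwise a rootkit that is already resident can lie to both steps.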

Microsoft's most-wanted list

Rootkits that hide in Windows:
  • Hacker Defender
  • FU
  • HE4Hook
  • Vanquish
  • AFX
  • NT Rootkit

Tools that can detect rootkits:
  • PatchFinder2 and Klister/Flister, proof-of-concept tools from Polish researcher Joanna Rutkowska
  • RootkitRevealer from Sysinternals
  • Blacklight from F-Secure
  • Microsoft File Checksum Integrity Verifier (FCIV)
  • Bootable Antivirus & Recovery Tools from Alwil Software
  • Knoppix Security Tools Distribution (open source)

Lessons shared

Kerry Anderson, a Fidelity Investment Brokerage vice president in the information security group, spoke on the topic of setting up a computer forensics program to tackle crime, including child pornography, terrorism and financial fraud.

A company's first priority should be establishing a policy and internal training for auditing and investigating suspected computer crime, coordinating among the legal, human resources and IT departments, she said.
