- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Rootkits are becoming more prevalent and difficult to detect, and security vendor McAfee says the blame falls squarely on the open source community.
In its "Rootkits" report being published today, McAfee says the number of rootkits it has collected as malware samples has jumped ninefold this quarter compared with the same quarter a year ago. Almost all the rootkits McAfee has identified are intended to hide other code (such as spyware or bots) or conceal processes running in Windows systems.
"The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee
Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit.
"It's there to educate people," says Hoglund, who's also the co-author with James Butler of the book Rootkits: Subverting the Windows Kernel . "The site is devoted to the discussion of rootkits. It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."
Forum:
Is open source to blame? Share your thoughts
No one with a profoundly malicious intent would post his rootkit on the site, because it would be publicly analyzed for detection purposes, Hoglund says. He concedes, however, that out of the tens of thousands of Rootkit participants, there are bound to be those whose intent is to exploit rather than learn.
Anti-virus vendor Trend Micro says the Rootkit Web site cuts both ways.
"We need those open source people," says David Perry, global director of education at Trend Micro. "They uncover things. It's a laboratory of computer science. They demand the intellectual right to discuss this."
That said, Perry notes there are a lot of hacker wannabes who would be drawn to using the Rootkit site "as one-stop shopping for them to pick up the tools."
Designing a rootkit is a complex programming process. Hoglund says there are probably no more than 20 or 30 main types today, along with a wide number of variants.
Detecting rootkits has become a software research frontier, but eradicating them and what they hide is proving even more difficult.
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment