Rootkit Creators Turn Professional
pete richards writes "Signalling a trend towards increased 'outsourcing' of some elements of malware creation, worm authors are increasingly turning to commercially available rootkits to help their creations slip past virus detection engines. Those rootkits in the meantime are becoming more professional. Antivirus vendor F-Secure reported last week that it had detected a first rootkit designed to bypass detection by most of the modern rootkit detection engines."
What's the point of this type of hacking? (Score:2, Interesting)
Or is there a Matrix-esque cabal of midnight hackers out there dressed in trenchcoats and sunglasses who are busy at work undermining the government? I find that hard to believe.
I find it easy to believe that there are foreign governments very interested in this type of thing, but it is difficult to imagine ordinary citizens having both the desire and the wherewithal to perform serious attacks and avoid prosecution.
Or maybe I am just having the wool pulled over my eyes.
It's organised crime becoming more sophisticated (Score:2, Interesting)
Fact or fiction? (Score:5, Interesting)
I guess Bruce Schneier is right when he suggests that the way to improve some aspects of security, anyway, is by placing responsibility firmly on outfits like banks and ISPs who'll get smacked mighty hard in the wallet - by law, this time - unless they raise their game. That might put some pressure on OS-makers and their pals to design products that don't also need AV checkers that are dependent on signature libraries and prey to zero-day exploits.
Love the quote from a researcher saying that the alleged sale of rootkits means that "there is a criminalisation of the virus world going on." As if it hasn't been criminal till now, just good clean fun ho ho.
Re:Misuse of the term (Score:5, Interesting)
We can sit here all night posting back and forth "is not," "is too" but I don't think that we'll get any further. If you're so certain on your position please take 30 seconds and find something reasonably definitive to support your position.
Mods - before modding anything else in this thread please take the time to actually look up what a rootkit is...
For the record, an exploit is software designed to gain unauthorized access to a system. A rootkit is a set of tools used to maintain such access without the knowledge of the admin of the cracked system. Typically it includes modified ps, login/su/sshd, etc.
The whole idea of a rootkit is to make sure you can get back into the system a week later when the admin has patched the original vulnerability. If you rm the ps command it probably won't take long for the admin to figure out what happened.
The best way to detect a rootkit is via tripwire, run from a boot CD. There really isn't any way of defeating this method of detection, but it is very inconvenient since it requires bringing the system offline for scanning. There are tools like rkhunter which search for rootkits on running systems, and in theory these can be defeated by a very clever rootkit.
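To make the tripwire-style approach in the comment above concrete, here is a small added example (not part of the original post, and not tripwire's or rkhunter's own code) of an offline file-integrity check: a baseline of SHA-256 digests is recorded while the system is known-good, and a later scan is diffed against it to surface replaced, removed, or newly added binaries such as a trojaned `ps`. The directory layout and file contents are constructed for the demo; the point of running it from boot media, as the comment says, is that the hashing code and the filesystem it reads cannot be lied to by a rootkit hooked into the running kernel.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its digest.

    Symlinks are skipped so an attacker cannot point a link at a clean file to
    satisfy the check while the real binary lives elsewhere.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline, current):
    """Diff a trusted baseline against a fresh scan of the same tree."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    removed = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def demo():
    """Constructed scenario: snapshot a fake /bin, then tamper with it and rescan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ps").write_bytes(b"original ps (constructed sample)")
        (root / "bin" / "login").write_bytes(b"original login (constructed sample)")
        baseline = build_baseline(root)  # taken while the system is known-good

        # Simulate what a rootkit install leaves behind: a replaced ps,
        # a removed login, and an extra binary dropped into the tree.
        (root / "bin" / "ps").write_bytes(b"replaced ps (constructed sample)")
        (root / "bin" / "login").unlink()
        (root / "bin" / "sshd").write_bytes(b"new sshd (constructed sample)")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline itself must be stored off the host (or on read-only media) and hashed with a strong function; an attacker who can rewrite the baseline, or who can produce a collision for the digest in use, defeats the check regardless of where the scanner runs.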
Re:Waiting for Vista (Score:4, Interesting)
Which is the principal difference between *nix and Windows. Most of the holes in unices have been found over the years. Windows was only exposed to wide area networks in a serious way over the last ten years. The bugs are still being found.
Re:Misuse of the term (Score:2, Interesting)
Now that we have seen proof of checksum collisions, I do not doubt that the next big thing in malware circles will be to create modified binaries whose checksums are the same as the originals.
Re:Wicked (Score:3, Interesting)
Comment removed (Score:3, Interesting)
Re:Easy prey? (Score:2, Interesting)
I agree with your point of view that a blanket "all are responsible" response is not the best course of action, as I've wondered how long it will be before people like the authors of security books get bundled into the category of "they supplied the knowledge to make this attack possible, therefore they are guilty as well".
OTOH it might be considered negligent to have access to a dangerous piece of software available to the public domain at all (even if it is hidden behind some form of security).
Re:How dare they! (Score:3, Interesting)
Re:How dare they! (Score:5, Interesting)