Malware and rootkits team up for mayhem

Home alone after school one day, Tommy scans through the latest blogs and teen Web sites, stopping for a chat or two. Somewhere along the way, the computer's browser hits a site that instantly and silently loads a fourth-generation rootkit onto his system. Without anyone's knowledge, the anti-virus application no longer updates or scans for viruses, the firewall opens ports it shouldn't and, when Tommy's father later logs on to his online bill-paying application, the logon data is automatically transmitted to a server belonging to an identity theft cartel.

Fourth-generation rootkits are so good at hiding themselves that detection and removal go beyond the capability of home network users and existing signature-based security technologies.

"It's very feasible for attackers to merge rootkits with information-gathering tools and with covert channel tools for stealth communication over firewall-protected networks," says Joanna Rutkowska, rootkit researcher and administrator of . "By definition, it's much more difficult to detect rootkit-protected attacks from attacks that aren't protected by rootkits. As such, I think the number of [rootkit] infections in the wild is underestimated."

Linked by shanmuga Tuesday, 6th December 2005 8:56PM