The Rootkit and Botnet menace

Just when you thought things couldn't get worse, they did. The latest bits of malware floating around the Net and on that copy-protected CD one of your managers just played on his PC are rootkits and botnets. These threats have managed to stay ahead of security software for now. Botnets not only use the latest trends in encryption and polymorphism, they conceal themselves in rootkit code to permanently reside and remain undetected on compromised systems. This is like Jack the Ripper becoming the Invisible Man. The recent brouhaha about Sony Music's copy-protected CDs having a rootkit that affected one in six DNS servers, across a statistical sampling of one third of the 9 million DNS servers that security researcher Dan Kaminsky estimates are in existence, could just be the tip of the iceberg as the security battle intensifies.

Botnet: Stealth Code

The sudden spate of improvements in bot design and state of the art stealth technology is a result of the phenomenal growth of botnets as an underground industry. The bot masters collaborate, share code and help each other develop mutated bots that are rich in capabilities and commands. Modular bot designs allow these black hat hackers to come out with bots in record time using new methods to exploit emerging vulnerabilities in operating systems and applications.

Botnets and rootkits have been around for a while but their combination into a unified, malicious attack tool has caused shockwaves worldwide. The saddest bit is that even those enterprises that have conscientiously invested in deploying the best security solutions available and implemented comprehensive security policies are soft targets for the botnet industry. The slow response of leading security vendors in developing solutions despite the onslaught has only raised the concerns of IT-enabled services and enterprises.

Linked by shanmuga Sunday, 22nd January 2006 6:33AM