New hacker tools

Signalling a trend towards increased ‘outsourcing’ of some elements of malware creation, security experts are reporting a surge in the level of professionalism and commercialisation in the creation of so-called rootkits.

A rootkit is a tool that helps worm authors to slip past malware detection tools. The rootkit is ‘wrapped around’ the virus, and hides its payload from detection engines. After the rootkit has penetrated a system’s defences, the worm can start doing its work.

Antivirus vendor F-Secure reported last week that it had detected a new rootkit designed to bypass detection by most of the modern rootkit detection engines.

Traditionally a rootkit would be designed to evade only one security product, such as Symantec’s or F-Secure’s antivirus scanners.

“The professionalism of these rootkits is coming to another level,” said Alan Shimel, chief strategy officer at StillSecure, a developer of intrusion detection, vulnerability management and network access control applications.
