Rootkits On The Rise

Status
Not open for further replies.

dipdude

The number of malicious programs is on the rise, according to McAfee's Avert Labs, with exponential increases in rootkits and Windows-based stealth components.

Hackers are increasingly using rootkit technology to hide spyware and other malware from security software.

In the first quarter of 2006, the number of rootkits increased by 700 percent over the same quarter a year earlier, according to McAfee. Meanwhile, Windows-based stealth components dominate the landscape, having increased 2,300 percent from 2001 to 2005.

McAfee warned that it is becoming harder than ever for security firms to prevent, detect, and remove these programs.

The explosion in rootkit use is motivated mainly by financial reward. The authors sell the rootkits to criminal gangs, who use the technology to hide malware such as Trojans or keystroke loggers so they can steal personal data such as bank details.

In fact, a major selling point for rootkit developers is being able to boast that their technology has not yet been detected by security firms.

Stealth Technology Skyrockets

Why have incident rates of stealth technology increased by more than 600 percent in the last three years alone? The open source environment, along with online collaboration sites and blogs, is partially to blame for the increased proliferation and complexity of rootkits, McAfee said.

A key factor is the sudden rise of online collaborative research on Web sites that host hundreds of lines of rootkit source code, available for recompiling, adapting, and improving, alongside ready-made rootkit binaries.

"Last year there were a couple of Web sites that became popularized in understanding and developing rootkit technologies. We also saw that the term rootkit became generalized in the media," Ken Dunham, senior engineer at threat intelligence firm iDefense, a VeriSign (Nasdaq: VRSN) company, told TechNewsWorld. "The debate over the Sony (NYSE: SNE) rootkit sparked interest in it as well. Whenever you have a lot of interest and you have tools and capabilities and well-developed community forums to develop things, you are going to see a lot of it."

Hidden Agendas

With the availability of rootkit code and stealth creation kits, malware authors can more easily hide processes, files, and registry keys without detailed knowledge of the target operating system. The power and versatility of stealth technologies have driven their spread into nearly every known form of malware. Their popularity has grown beyond malware into mainstream commercial software, with some security software vendors and consumer electronics firms recently being "outed" for using stealth technologies in their products, McAfee said.

At the end of last year, iDefense discovered a worm called Feebs. The worm spread a new variant every two or three days. Upon deeper investigation, iDefense learned that the Feebs worm included rootkit functionality. The worm evades detection, and that is a key characteristic of the latest Internet threats, Dunham said: "We knew without a doubt that 2006 would be the year of the rootkit because it's all about stealth for survival when people are coding for cash."

Future

Analysts expect to see continued increases in malicious code that uses rootkit technology because the code is readily available, it's not difficult to implement, and there are plenty of users that support the development of rootkits. That means even a novice can perpetrate this stealth attack.

"It's all about hiding it so you can maintain extended control over a computer because then you can profile it and steal more. In today's world, with identity theft running rampant, they need more than just your credit card. They need to get your date of birth and your social to get maximum profit on your computer. So it's about remaining stealthy," Dunham said.

There are tools to detect rootkits, such as F-Secure's Blacklight and Sysinternals' RootkitRevealer, two that Dunham has tested and reports work well. Both take the cross-view approach: they compare what the Windows API reports about files, registry keys, or processes against what can be read by an independent path (raw disk structures and registry hives, for example), and flag anything that shows up in one view but not the other. The caveat is that a rootkit which also subverts the detector's low-level path, or that is loaded before the detector, can hide from both views.
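The hiding technique from the "Hidden Agendas" section and the cross-view detection the tools above rely on, as one added example that is not from the article or from any of the products it names. A user-mode "rootkit" hooks os.listdir so that names with a chosen prefix disappear from the API view; the detector lists the same directory through a second, unhooked path and reports the difference. The directory, its file names, and the hooked function are all constructed for the demonstration; the $sys$ prefix is borrowed from the naming convention XCP used, and os.scandir stands in for the raw on-disk enumeration a real detector would perform.

```python
"""Cross-view rootkit detection on a throw-away directory (added example).

A simulated user-mode hook filters os.listdir (the view a naive scanner
trusts). The detector enumerates the same directory through os.scandir,
which the hook does not touch, and diffs the two views.
"""
import os
import tempfile

HIDDEN_PREFIX = "$sys$"  # assumption: the rootkit hides names with this prefix

_real_listdir = os.listdir  # keep the genuine function so the hook can be removed


def install_filter_hook(prefix=HIDDEN_PREFIX):
    """Simulate a user-mode API hook: os.listdir drops hidden names."""
    def hooked_listdir(path="."):
        return [n for n in _real_listdir(path) if not n.startswith(prefix)]
    os.listdir = hooked_listdir


def remove_filter_hook():
    """Restore the genuine os.listdir."""
    os.listdir = _real_listdir


def api_view(path):
    """High-level view: whatever the (hookable) listing API returns."""
    return set(os.listdir(path))


def raw_view(path):
    """Independent view the hook does not cover.

    os.scandir is a separate C entry point here; a real detector would
    parse NTFS structures or registry hives directly instead.
    """
    with os.scandir(path) as it:
        return {entry.name for entry in it}


def cross_view_diff(path):
    """Names present in the raw view but missing from the API view."""
    return sorted(raw_view(path) - api_view(path))


def demo():
    """Create a constructed directory, hide one entry, detect it, clean up."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("readme.txt", "$sys$driver.sys", "notes.log"):
            open(os.path.join(d, name), "w").close()  # constructed sample files
        install_filter_hook()
        try:
            return cross_view_diff(d)
        finally:
            remove_filter_hook()


if __name__ == "__main__":
    print("hidden entries:", demo())
```

The hook only defeats callers that go through os.listdir; that asymmetry is exactly what a cross-view detector exploits, and it is also why a rootkit that hooks every enumeration path (or lives below them, in the kernel) is not caught this way.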

McAfee also warned that, although a lesser problem, the same technology is now used by commercial software to cloak its own files and processes from the user and from security software, preventing its detection and removal.

The most famous example of this is the XCP anti-piracy application introduced last year by Sony BMG. The technology was intended to prevent illegal copying of music CDs, but posed a significant security risk to computers on which it was installed.