Slashdot Mirror


Rootkit Creators Turn Professional

pete richards writes "Signalling a trend towards increased 'outsourcing' of some elements of malware creation, worm authors are increasingly turning to commercially available rootkits to help their creations slip past virus detection engines. Those root kits in the meantime are becoming more professional. Antivirus vendor F-Secure reported last week that it had detected a first rootkit designed to bypass detection by most of the modern rootkit detection engines."

6 of 117 comments

  1. Re:Wicked by SimilarityEngine · · Score: 3, Informative

    You were looking for this website presumably.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  2. Re:Waiting for Vista by Anonymous Coward · · Score: 3, Informative

    Umm.. did you know that rootkits were out for *nix long before Windows? The rootkits for those systems are far more sophisticated.

  3. Re:How dare they! by KiloByte · · Score: 4, Informative

    Like, SuckIt?

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  4. Re:Misuse of the term by jaseuk · · Score: 5, Informative

    Root kits will normally include things such as modded ps and other modified binaries so that the system appears to be running fine, yet has a backdoor and any logging / system monitoring tools will not show any processes or activity.

    There is more to a root kit than just a replacement ps, but of course that is a critical element.

    No it's not rocket science, but in practice modding system binaries whilst on the outside keeping the system appearing to be running normally is much harder, different library / operating system / architectures to deal with and the fact that you are messing around with core system files.

  5. Re:Misuse of the term by PhilHibbs · · Score: 3, Informative
    Wikipedia agrees with the Jargon File:
    A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes.

    See also Sysinternals's Rootkit Revealer:
    The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities.
  6. Re:Easy prey? by ArsenneLupin · · Score: 4, Informative
    There probably isn't a law against rootkits, and there shouldn't be. There should be a law against using them to break into systems that you are not authorized to enter, and there is a law against that.

    A rootkit isn't a tool to break into a machine; it's a tool to hide your presence once you've already broken into the machine...

    Is VNC a rootkit?

    No. But a tool hiding VNC from the process list might be.
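
A defender's view of the "modded ps" point in comment 4 and the hidden process list point in comment 6, as an added example that is not part of the original thread: a cross-view check that compares what `ps` reports with the numeric entries under `/proc`. All sample data, including the PIDs and the `Xvnc` process name, is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: output of a possibly modified `ps -e -o pid,comm`.
PS_OUTPUT = """\
  PID COMMAND
    1 init
  412 sshd
  980 bash
"""

# Constructed sample: directory entries of /proc as listed by a known-good tool.
PROC_ENTRIES = ["1", "412", "733", "980", "cpuinfo", "meminfo", "self"]

# Constructed sample: PID -> command name as read from /proc/<pid>/comm.
PROC_COMM = {1: "init", 412: "sshd", 733: "Xvnc", 980: "bash"}


def pids_from_ps(text):
    """Parse PIDs from `ps -e -o pid,comm` style output, skipping the header."""
    pids = set()
    for line in text.splitlines()[1:]:
        m = re.match(r"\s*(\d+)\s+\S", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def pids_from_proc(entries):
    """Keep only the numeric /proc entries, which are process IDs."""
    return {int(e) for e in entries if e.isdigit()}


def hidden_processes(ps_text, proc_entries, comm):
    """Return (pid, name) pairs present in /proc but missing from ps output."""
    missing = pids_from_proc(proc_entries) - pids_from_ps(ps_text)
    return sorted((pid, comm.get(pid, "?")) for pid in missing)


if __name__ == "__main__":
    for pid, name in hidden_processes(PS_OUTPUT, PROC_ENTRIES, PROC_COMM):
        print(f"PID {pid} ({name}) is in /proc but not in ps output")
```

A process that starts or exits between the two snapshots shows up as a false difference, so repeat the comparison before treating a mismatch as a finding. A kernel-mode rootkit can filter `/proc` as well, which is why the trusted view is best taken from known-good media or an offline image.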