Slashdot Mirror


Rootkit Creators Turn Professional

pete richards writes "Signalling a trend towards increased 'outsourcing' of some elements of malware creation, worm authors are increasingly turning to commercially available rootkits to help their creations slip past virus detection engines. Those root kits in the meantime are becoming more professional. Antivirus vendor F-Secure reported last week that it had detected a first rootkit designed to bypass detection by most of the modern rootkit detection engines."

1 of 117 comments

  1. Re:Misuse of the term by jaseuk · Score: 5, Informative

    Root kits will normally include things such as modded ps and other modified binaries so that the system appears to be running fine, yet has a backdoor and any logging / system monitoring tools will not show any processes or activity.

    There is more to a root kit than just a replacement ps, but of course that is a critical element.

    No, it's not rocket science, but in practice modding system binaries whilst on the outside keeping the system appearing to be running normally is much harder: different library / operating system / architectures to deal with, and the fact that you are messing around with core system files.
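
Added example, not part of the comment above or of any tool named on the page: a defender's cross-view check for the modified `ps` the comment describes, comparing the PIDs that `ps` prints with the PIDs listed directly in `/proc`. It assumes a Linux host with `/proc` mounted; the function names and the sample PIDs are constructed for illustration.

```python
import os
import subprocess

def pids_from_proc(proc_root="/proc"):
    """PIDs taken from the /proc directory listing, without running ps."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pids_from_ps(ps_output):
    """PIDs parsed from `ps -e -o pid=` output (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def hidden_pids(before, reported, after):
    """PIDs present in /proc both before and after the ps run, yet absent
    from what ps printed. Requiring both snapshots filters out processes
    that merely started or exited while the check was running."""
    return sorted((before & after) - reported)

def cmdline(pid, proc_root="/proc"):
    """Command line of a PID, for the analyst's report; empty if unreadable."""
    try:
        with open(f"{proc_root}/{pid}/cmdline", "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return ""

def check_live():
    """Run the comparison on this host (Linux with /proc mounted)."""
    before = pids_from_proc()
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    after = pids_from_proc()
    return hidden_pids(before, pids_from_ps(out), after)

# Constructed sample data: PID 31337 is in both /proc snapshots but missing
# from the ps output; PID 1250 started mid-check and must not be flagged.
SAMPLE_BEFORE = {1, 412, 977, 1203, 31337}
SAMPLE_PS = "    1\n  412\n  977\n 1203\n"
SAMPLE_AFTER = {1, 412, 977, 1203, 1250, 31337}

if __name__ == "__main__":
    print("sample:", hidden_pids(SAMPLE_BEFORE, pids_from_ps(SAMPLE_PS), SAMPLE_AFTER))
    for pid in check_live():
        print("in /proc but not shown by ps:", pid, cmdline(pid))
```

A mismatch points at the userland `ps` binary; a rootkit that filters `/proc` inside the kernel hides from both views, so this check does not cover that case.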