Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
Like Trojan horse programs, rootkits install themselves by exploiting flaws in your PC's network security or by piggybacking onto e-mail messages or downloaded programs. They often open back doors for their remote puppet masters, who may be looking for credit card numbers, a broadband-connected spamming platform, or the simple thrill of the hack. But unlike standard Trojan horses, rootkits infiltrate the operating system at a deeper level, using security privileges to better hide themselves.
Detection Work
Like detecting viruses and worms, trapping rootkits is a cat-and-mouse game. Shortly after F-Secure released Blacklight, the author of a rootkit called Hacker Defender posted a video demonstrating a new version of his rootkit defeating Blacklight and several other defensive tools, including RootkitRevealer.
Since rootkits can work with spyware, viruses, and other malware in blended threats, security vendors are sharpening the tools they'll need for detecting them. According to Russ Cooper, who founded and moderates the NTBugtraq newsletter, looking for the kinds of techniques that rootkits use is a good idea. But Cooper doesn't think that rootkit infections are on the rise. "Rootkits are no more prevalent now than they've ever been," he believes. And as for rootkit removal tools, Cooper remarks that "only a person with very little knowledge would try to remove a rootkit," adding that the one certain cure is to wipe the hard disk and reinstall the OS. Mikko Hypponen, F-Secure's director of antivirus research, mostly concurs with Cooper, but points out that Blacklight can address situations where no known good backup is available.
Rootkit detectors and antivirus programs will continue to look for ways to outhack the hackers. But for now, standard security tools such as a good firewall and up-to-date antivirus protection are the best defense against rootkits.
