Information Security Magazine

pwned
by Greg Hoglund
Issue: Sep 2007

Difficult to detect and nearly impossible to remove, rootkits may already own your systems.


Rootkit is a scary word to a CIO. It conjures visions of worms eating through the network, backdoors opened to sensitive or proprietary information, users unaware of their credit card numbers being stolen, and the stifling cost of incident response. Rootkits are discussed in hushed tones, as if the mere word will summon one from the ether. At the end of the day, rootkits are like any other malware, but tougher to detect and remove. Competitive corporations, organized crime and terrorists are using these tools to attack networks and steal data. While customer data theft can cost a company millions, insider threats are the major problem. More than 70 percent of a company's value may be held in its intellectual property assets, a prime target for competitive intelligence gathering. Rootkits can be used to steal information without detection, which is what makes them so dangerous. Bad guys design rootkits to stay hidden for years, so they have continued access to information. Although they come in many shapes and flavors, suffice it to say, rootkit is a fairly new word for a backdoor. Many techniques used by rootkits were pioneered by virus developers in the early '90s, and the rise of the Internet fueled the need for a remotely accessible backdoor. While Unix systems continue to be targeted, rootkits rapidly evolved to target ubiquitous Windows machines.

Rootkits have become so powerful they can evade desktop firewalls, virus scanners and IDS/IPS products. Today, rootkits are advancing upon cellular phones, the 64-bit Vista operating system and device firmware. Rootkits old and new continue to be a threat to your data.

Hidden Roots
What many IT and security professionals don't know is that modern rootkits are much more powerful and difficult to detect than advertised.

None of the currently available rootkit detection solutions, commercial or research, are effective at detecting rootkits. The failed detection techniques range from signature-based scanning to heuristics. A recent study conducted by SAIC and HBGary for DARPA pitted rootkits, old and new, against commercial and public domain detection tools. Not a single detection tool could detect all the rootkits. Most couldn't even detect more than 25 percent of the sample set. This is startling, considering that many of the sampled rootkits have been in the public domain for several years.
