Currently there are numerous rootkits available for almost any operating system. Researchers have recently seen some rootkits that almost have a commercial feel to them, designed on a custom basis for a fee to evade many antivirus vendors for a small fee.
When dealing with rootkits and malicious code, many security professionals focus on tools and technology. While this is important, it is not as important as developing a security team's ability to deal with rootkits.
When I work on a certification and accreditation project, I like to set up a scenario where I install a rootkit on a system and ask the security team to identify and remove it. Rather then relying on documented procedures or proof that they are updating their antivirus on a regular basis, I like to see how the team responds when they have a live situation to resolve.
As for technology, I like working with RootkitRevealer, F-Secure Corp.'s BackLight tool and the freely available IceSword. It is always a good idea to get a second (or possibly even a third) opinion when dealing with rootkits because they are constantly evolving to bypass rootkit-detection techniques and technologies.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from John Strand
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks. Continue Reading
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign. Continue Reading
Expert John Strand reveals two exciting trends in antivirus software. Continue Reading