The programs could be used by malicious hackers to snoop or take total control of an infected PC, in what is now feared could spawn a new generation of spyware or mass-distributing worm.
IDG reporter Paul Roberts in San Francisco writes:
“Once installed, many rootkits simply run quietly in the background, but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.
"However, kernel rootkits, which modify the kernel, or core request processing, component of an operating system, are becoming more common. Rootkit authors are also making huge strides in their ability to hide their creations.
"In particular, some newer rootkits are able to intercept queries or 'system calls' that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer's memory, or configuration settings in the operating system's registry, are invisible to administrators and to detection tools.
"The kernel rootkits are invisible to many detection tools, including anti-virus, host and network intrusion detection sensors (IDS) and antispyware products, researchers say.”
Are you scared yet?
Reply With Quote
