This long and well written piece at InfoWorld traces the history and current status of rootkits, a pernicious threat that has security forces worried.
Rootkits are programs that hide themselves in operating system kernels, applications or elsewhere. When paired with malicious software, they cause severe ongoing damage. This is scary stuff. Consider this passage from a PC Magazine story about Windows-based rootkits:
[The rootkit] intercepts the function call and changes the results, eliminating any reference to the malware's protected files. Similar techniques hide Registry entries, processes, network connections, and so on.
A rootkit not only compromises the network, but cleans up so that its activities aren't apparent.
The InfoWorld story is most interesting when it traces the recent history of rootkits. These programs have been around for a long time, but only became a major concern in 2005, when Sony BMG used one to install copyright protection on its CDs when they were played on PCs. Those rootkits, the story says, were poorly designed and opened the door to viruses and other problems. An uproar ensued. This issue was settled in late 2006. The damage was done, however, and rootkits suddenly were on the map for crackers.
There is good news and bad recently. The bad news is that a well-known researcher, Joanna Rutkowska, is slated to demonstrate rootkits' vulnerabilities and other problems she's found in the Microsoft Vista operating system at the Black Hat Briefing and Training conference slated for Las Vegas July 28 to August 2. Meanwhile, Symantec says that rootkits are gaining in complexity.
The good news is that security vendors aren't taking this lightly and help is available to those willing to seek it. The PC Magazine piece reviews four anti-rootkit products and mentions several others, while vnunet.com covers two programs from Grisoft that are available for free -- and provides the links.
Rootkits are frightening to security forces -- and attractive to hackers -- because of their ability to evade virus detection. IT managers of unprotected organizations should research and ultimately deploy rootkit-specific software as quickly as possible.