April 17, 2006 12:17 PM PDT

Rootkit numbers rocketing up, McAfee says

Rootkits, used by hackers to hide malicious software, are on the rise and becoming more complex, according to security company McAfee.

In the first quarter, the number of rootkits seen by McAfee's Avert Labs grew by 700 percent, compared with the same period last year, the company said Monday. Its research into "stealth techniques" also covered cloaking technology bundled with commercial programs, such as Sony BMG's antipiracy tool, and with potentially unwanted software such as adware.

While the use of such techniques to hide activity on computers has been around since 1986, their number and complexity have accelerated over the last three years, according to a McAfee report released Monday (Click here for PDF). In the first quarter alone, the Avert Labs found more than 827 stealth techniques. That contrasts with about 70 found in the same period in 2005 and with approximately 769 for the whole of that year.

"This trend in malware evolution is creating hardier and ever more virulent strains of malware that will continue to threaten businesses and consumers alike," Stuart McClure, McAfee senior vice president of global threats, said in a statement.

An "open-source environment" for development of stealth code among hackers is driving this rapid growth, McAfee said. Collaborative Web sites and blogs contain hundreds of lines of rootkit code for recompiling and enhancing the technology, along with rootkit binary executables, McAfee said.

As a result, attackers have an easier time creating ways to hide their malicious files, processes and registry keys without extensive knowledge of the targeted operating system.

"Collaboration does more than just spread stealth technologies. It also fosters the development of new and more sophisticated stealth techniques," the report's authors wrote. One way they gauged the complexity of the programs was by counting the number of component files in a software package.

During the first quarter, 612 stealth components were submitted to Avert Labs, compared with 60 in the same period last year, the report noted. The first-quarter figure was also nearly equal to that for all of 2005.

McAfee noted an increase in commercial software using stealth techniques to conceal code. Companies that have turned to the use of such technology include record label Sony BMG, which used it to hide copy protection code, and Symantec, which later stepped back from using it in its Norton SystemWorks PC-tuning application. The report did not label such stealth technology as rootkits, a word it said should be used in relation to malicious software.

While Microsoft's Windows is the main target of malicious rootkits because of its high level of use, McAfee also noted that its many undocumented application programming interfaces (APIs) make it an attractive target.

In gauging the future growth of rootkits, McAfee noted that while Microsoft's broad release of Vista looms on the horizon, a lull in Windows-related attacks won't come until there's widespread adoption of the new operating system, as was seen in the release of Windows 95.

"We can predict that, in the coming two or three years, the growth of rootkits for the current Windows architecture will reach an annual rate of at least 650 percent," the report stated.

See more CNET content tagged:
rootkit, McAfee Inc., Sony BMG Music Entertainment, malicious software, malware

2 comments

Join the conversation!
Add your comment
If anyone wants Rootkit info, call Sony
They seem to be very involved in Rootkit development.
Posted by bobby_brady (765 comments )
Reply Link Flag
And who's to blame?
NO... NO... NO... McAfee has this all wrong... (* CHUCKLE *)

Per the past articles on everybody trying to blame Sony for using RootKit like software... and my claim that it wasn't in as much Sony as it was Microsoft for allowing such to be performed...

Well... here's the rest of the story.

It isn't nor was it ever Sony... it's been Microsoft's security weakness all along. As the article says: >>>The use of such techniques to hide activity on computers has been around since 1986<<<

And it wasn't Sony that made it popular either... it was all of the news media blowing the story sky high that turned hackers to start using that Microsoft weakness too!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.