McAfee, Inc. announced the availability of Rootkits Part 2: A Technical Primer, a whitepaper designed to help IT security professionals better understand the technologies that make stealth possible on the Microsoft Windows platform. The whitepaper is part two in a series on rootkits, and is available for download through the McAfee Threat Center: http://www.mcafee.com/us/threat_center/default.asp.
Rootkits — a term commonly used to describe malware such as Trojans, worms and viruses — actively conceal their existence and actions from users and other system processes. Because rootkits use technologies to hide any trace of intrusion, the term rootkit is associated with the term “stealth.”
Rootkits Part 2: A Technical Primer examines the basic security architecture of Windows and explores several methods used by malware authors to hide files, processes and registry keys. McAfee’s findings suggest that these new techniques will continue to challenge the security community, as hackers create stronger and more virulent strains of malware that will prove difficult to detect and delete.
“The number of rootkits submitted to McAfee Avert Labs in the first quarter of 2007, compared to the first quarter of 2006, has decreased by 15 percent — demonstrating that we are getting better at capturing existing families and existing techniques,” said Jeff Green, senior vice president, McAfee Avert Labs. “Rootkit techniques, which were new in the first quarter of 2006, basically included Trojans that were trying to incorporate rootkit behavior. Now we see more samples from existing rootkit families, whereas new families that employ rootkit techniques have slowed down.”
Over the past five years, McAfee has seen a significant increase in the number of Windows-based stealth components. Only 27 rootkit components were found in 2001, compared with almost 2,400 in 2006. McAfee Avert Labs expects to see more than 2,000 Windows-based stealth components by the end of 2007, demonstrating that these technologies are here to stay.