
Rootkits Will Proliferate

This blog entry addresses the fourth of my ten predictions for events and trends that will transpire in 2008. This prediction is:

4. There will be a proliferation of rootkits, particularly kernel-level rootkits and rootkits that work as spyware, to the point that a surprisingly large percentage of systems that connect to the Internet will be rootkit-infected without the knowledge of either users or system administrators.

Before discussing why I believe that this prediction will come true, I’d like to provide a quick introduction to the term “rootkit.” A rootkit is a special kind of Trojan horse program that, once installed on a system, alters the system’s operating system in some manner so that signs of an attacker’s presence are eliminated, thereby allowing the attacker to avoid detection. User-level rootkits replace executables and system libraries that system managers and users rely on. Kernel-level rootkits, the more deadly of the two, modify portions of the kernel of a compromised system’s operating system; some kernel-level rootkits go so far as to swap out the kernel for a new one that accomplishes the attacker’s dire purposes.
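The user-level case described above, in which trusted binaries such as `ls` or `ps` are swapped for trojaned copies, is exactly what file-integrity checking is meant to catch. The following is an added example, not code from the original post: it records SHA-256 hashes of every file under a directory as a baseline, then re-walks the tree and reports files that were modified, removed, or added. The file names and contents are constructed for the demonstration (a temporary directory standing in for `/bin`), and the `demo()` function is a hypothetical driver, not a real system tool.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the hash of every regular file under root, keyed by path relative to root."""
    baseline = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            baseline[str(p.relative_to(root))] = sha256_of(p)
    return baseline


def verify_baseline(root, baseline):
    """Re-hash the tree and report drift from the stored baseline.

    Returns a dict with three sorted lists: files whose content changed,
    files that disappeared, and files that were not present at baseline time.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: a fake bin/ tree, baselined, then one binary replaced.

    Hypothetical driver for the example; the ELF-looking bytes are placeholders,
    not real executables.
    """
    with tempfile.TemporaryDirectory() as root:
        bin_dir = Path(root) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"\x7fELF original ls")
        (bin_dir / "ps").write_bytes(b"\x7fELF original ps")
        (bin_dir / "netstat").write_bytes(b"\x7fELF original netstat")

        # Baseline taken while the system is known good.
        baseline = build_baseline(root)

        # Simulated user-level rootkit activity: ps replaced, an extra file dropped.
        (bin_dir / "ps").write_bytes(b"\x7fELF replaced ps")
        (bin_dir / "evil").write_bytes(b"dropped file")

        return verify_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would attach to this. First, the baseline is only as trustworthy as the moment it was taken, so it should be generated on a freshly built system and stored off-host where an intruder cannot rewrite it. Second, this check reads files through the running kernel; a kernel-level rootkit of the kind the post describes can return the original bytes to the checker while executing the trojaned copy, which is why such comparisons are most reliable when run from trusted boot media against the offline disk.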

As I and many others have said so many times before, today’s attackers are often, if not usually, motivated by the desire to gain financially from their activities. If their unauthorized activity is discovered, technical staff can intervene: terminate the attacker’s access to the system, clean and restore the compromised system, and so forth. In the worst case (from the attacker’s perspective), the identity of the attacker might even become apparent, raising the possibility of arrest. Because rootkits are so highly conducive to attacker goals, and because rootkits keep getting more proficient at what they do, predicting that rootkits will become even more abundant in 2008 is not exactly rocket science.

Trends in the number of rootkits found in real-world settings over the last few years also give credence to my prediction. Various statistics about rootkit prevalence indicate substantial growth in the number of rootkits found in real-world settings. Recent research by Trend Micro, McAfee and Microsoft has consistently shown that the number of rootkits found in these settings grew substantially over a period of between 12 and 15 months. Interestingly, Microsoft’s research also showed that approximately 14 percent of the systems examined that had malware infections had been compromised by rootkits.

Unfortunately, rootkits are here to stay. And watch out, because the rootkit problem is soon going to reach epidemic proportions.
