In-depth

The poisonous rootkits rocking the security world

There are some seriously stealthy rootkits running on computers today. Tom Brewster investigates the extent of the problem...

Rootkits have been around for years. Born in the UNIX world over two decades ago, the term remained a part of UNIX and Linux experts' argot until the mid-2000s.

Thanks to a Sony BMG gaffe in 2005, rootkits entered the lexicon of almost everyone in the tech world. To stop people copying music excessively once installed on Windows systems, Sony ensured users didn't just download tunes when they shoved CDs into their computers, they got rootkits too.

Sony didn't appear to realise the security implications of what they were doing. By installing the Extended Copy Protection (XCP) and MediaMax CD-3 software on user systems, Sony wasn't just invading people's privacy without them knowing. It admitted the rootkit included "a feature that may make a user's computer susceptible to a virus written specifically to target the software."

Things only worsened when Sony issued its rootkit removal tool, which opened up a flaw for other malware to exploit. After all this was discovered, Sony was sued and had to recall the millions of affected CDs.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Once installed, a rootkit acts like a malware invisibility cloak.

It was one of the most significant moments in IT security history. Sony may have settled the lawsuits but the damage was done. The world now knew what rootkits were and what they were capable of. Worst of all, cyber criminals were inspired to create some seriously pernicious rootkits, some of which are leaving security companies whimpering in their labs.

The end game for cyber criminals themselves is simply to evade detection, covering up malicious software doing nasty things to infected systems.

"Cyber criminals are not unlike pickpockets in the real world: they try to remain as inconspicuous as possible, quietly 'working the crowds' as they target other people's property," said Kaspersky senior technology consultant David Emm. "Rootkits are a key part of the cyber criminal's armoury. Once installed, a rootkit acts like a malware invisibility cloak to hide any tell-tale signs that a malicious program is installed."

The classic kernel kits

The most concerning rootkits around today are those that target the OS kernel. "The most advanced rootkits in the wild are still kernel-based rootkits, malicious software that work from inside the operating system," said Marco Giuliani, threat research analyst at Webroot. "They are able to spread in the wild without being blocked by most security software."

Advertisement - Article continues below

The rootkit of the TDL or TDSS malware is one of the nastiest kernel-focused kits around today. Over the past three years, various versions have upped its capabilities to make it incredibly difficult to identify. It is the dark chameleon of the security world, the evil twin of Where's Wally?.

TDL-4 is the latest incarnation. It appeared in mid-2010, able to in infect both 32-bit and 64-bit operating systems, making widely-used versions of Windows vulnerable. The rootkit infects the boot sector, meaning malicious code is loaded before the operating system. To do this, TDL-4 gets into the Master Boot Record (MBR). This is what makes TDSS so stealthy.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020