In-depth

The poisonous rootkits rocking the security world

There are some seriously stealthy rootkits running on computers today. Tom Brewster investigates the extent of the problem...

Rootkits have been around for years. Born in the UNIX world over two decades ago, the term remained a part of UNIX and Linux experts' argot until the mid-2000s.

Thanks to a Sony BMG gaffe in 2005, rootkits entered the lexicon of almost everyone in the tech world. To stop people copying music excessively once installed on Windows systems, Sony ensured users didn't just download tunes when they shoved CDs into their computers, they got rootkits too.

Sony didn't appear to realise the security implications of what they were doing. By installing the Extended Copy Protection (XCP) and MediaMax CD-3 software on user systems, Sony wasn't just invading people's privacy without them knowing. It admitted the rootkit included "a feature that may make a user's computer susceptible to a virus written specifically to target the software."

Things only worsened when Sony issued its rootkit removal tool, which opened up a flaw for other malware to exploit. After all this was discovered, Sony was sued and had to recall the millions of affected CDs.

Once installed, a rootkit acts like a malware invisibility cloak.

It was one of the most significant moments in IT security history. Sony may have settled the lawsuits but the damage was done. The world now knew what rootkits were and what they were capable of. Worst of all, cyber criminals were inspired to create some seriously pernicious rootkits, some of which are leaving security companies whimpering in their labs.

The end game for cyber criminals themselves is simply to evade detection, covering up malicious software doing nasty things to infected systems.

"Cyber criminals are not unlike pickpockets in the real world: they try to remain as inconspicuous as possible, quietly 'working the crowds' as they target other people's property," said Kaspersky senior technology consultant David Emm. "Rootkits are a key part of the cyber criminal's armoury. Once installed, a rootkit acts like a malware invisibility cloak to hide any tell-tale signs that a malicious program is installed."

The classic kernel kits

The most concerning rootkits around today are those that target the OS kernel. "The most advanced rootkits in the wild are still kernel-based rootkits, malicious software that work from inside the operating system," said Marco Giuliani, threat research analyst at Webroot. "They are able to spread in the wild without being blocked by most security software."

The rootkit of the TDL or TDSS malware is one of the nastiest kernel-focused kits around today. Over the past three years, various versions have upped its capabilities to make it incredibly difficult to identify. It is the dark chameleon of the security world, the evil twin of Where's Wally?.

TDL-4 is the latest incarnation. It appeared in mid-2010, able to in infect both 32-bit and 64-bit operating systems, making widely-used versions of Windows vulnerable. The rootkit infects the boot sector, meaning malicious code is loaded before the operating system. To do this, TDL-4 gets into the Master Boot Record (MBR). This is what makes TDSS so stealthy.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Intel begins construction of two new chip factories in Arizona
components

Intel begins construction of two new chip factories in Arizona

27 Sep 2021
Auto sector could lose $210 billion this year due to chip shortages
Hardware

Auto sector could lose $210 billion this year due to chip shortages

24 Sep 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
Building a business case for SAP on AWS
Whitepaper

Building a business case for SAP on AWS

8 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021