Findings Suggest Online Collaboration Sites and Blogs Contribute to the Increased Proliferation and Complexity of Rootkits
McAfee, Inc., today announced results of a research study from McAfee AVERT Labs demonstrating that the use of stealth technologies to conceal both malware and commercially viable Potentially Unwanted Programs (PUPs) is on the rise. In the last three years alone, the incident rate of stealth technology has increased by more than 600 percent. McAfee considers malicious programs using stealth technology to be rootkits, distinct from commercial applications that use stealth technology.
McAfee believes the sudden rise of stealth technologies may be attributable to online collaborative research efforts using Web sites that contain hundreds of lines of rootkit code, available for recompiling, adapting, and improving, along with rootkit binary executables. With the availability of rootkit code and stealth creation kits, malware authors can more easily hide processes, files, and registry keys, without detailed knowledge of the target operating system. The power and versatility of stealth technologies have driven their spread into nearly every known form of malware. Their popularity has grown beyond malware into mainstream commercial software, with some security software vendors and consumer electronics firms recently being ‘outed’ for using stealth technologies in their products.
Key research findings include:
- The number of rootkits submitted to McAfee AVERT Labs in the first quarter of 2006 increased by nearly 700% compared to the first quarter of 2005.
- Windows-based stealth components dominate the landscape, with an increase of 2300% from 2001 to 2005.
- The “open-source” environment, along with online collaboration sites and blogs, is largely to blame for the increased proliferation and complexity of rootkits.
“Clearly we are seeing that stealth technologies, and rootkits specifically, are increasing at an alarming rate,” said Stuart McClure, senior vice president, global threats at McAfee. “This trend in malware evolution is creating hardier and ever more virulent strains of malware that will continue to threaten businesses and consumers alike.”
The McAfee AVERT Labs research also highlights several factors behind the increase in both rootkit adoption and diversity, motivations driving rootkit writers, and technological trends that will shape the future of rootkits.