12/8/2005

Where are Rootkits Coming From?

Filed under: — By Aviran Mordo @ 10:44 am

The sharp rise in rootkit detections on Windows machines is a direct result of adware/spyware vendors using sophisticated techniques to hide processes and prevent uninstallation, according to anti-virus vendor F-Secure Corp.

The Finnish company, which ships an anti-rootkit scanner in its security suite, has identified ContextPlus, Inc., makers of the Apropos and PeopleOnPage adware programs, as the company responsible for a large number of stealth rootkit infections.

F-Secure chief incident officer Mikko Hypponen said the company’s BlackLight technology has discovered the use of “very advanced rootkit technologies” in Apropos, a spyware program that collects users’ browsing habits and system information and reports back to the ContextPlus servers.

Like the typical spyware application, Apropos uses the data to serve targeted pop-up advertisements while the user is surfing the Web.

Unlike the average worm or bot that use rootkit technologies to avoid detection, Hypponen said the rootkit features built into Apropos aren’t being used to hide the existence of the program on the machine.

“They’re using a very sophisticated kernel-mode rootkit that allows the program to hide files, directories, registry keys and processes,” Hypponen explained in an interview.

Source: eWeek

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress