January 13, 2006
Rootkits Are In The News Again
ZDNet and others are reporting that Norton SystemWorks uses rootkit technology to hide a directory so a user wouldn't accidentally delete it. The problem with this is the same problem that plagued Sony's use of the technology: hackers can also hide malware in these hidden directories. The more ironic problem, of course, is that this is coming from a trusted name in personal computer security. Symantec has issued a patch, which is linked from the story.
There is some question in the reporting on this development as to whether this is really a rootkit. See this in eWeek, for example. Symantec refers to the item as a hidden folder rather than a rootkit. Whatever the semantics (no pun intended), the net effect is an insecure spot on a computer that is not subject to a scan by antivirus and spyware removal programs. The company recognizes this, hence the patch that reveals the folder's existence. This story has more statements from the company about the characterization of the threat.
The alleged Symantec "rootkit" was found by researchers at Finland-based F-Secure and Mark Russinovich of Sysinternals, who also found the Sony rootkit. Russinovich, along with Bryce Cogswell, has developed a nifty piece of freeware called RootkitRevealer, which is available here. The source page has a great description of the rootkit problem and how to use the software to discover if your machine has hidden folders on it.