The rise of rootware

In their Black Hat talk, R^2: The Exponential Growth of Rootkit Techniques, security researchers Jamie Butler and William Arbaugh laid out a beginner's course on rootkits to kick off a day of programming around that topic. Butler and Arbaugh covered the history of rootkits, which they define as any software that hides its operation from the system kernel, the administrator, and security software, and dated awareness of the concept back to Clifford Stoll's bestselling book, The Cuckoo's Egg, in the late 1980s. Over the next 20 years, rootkits remained a quiet element in the security field, mostly affecting enterprise networks and mostly seen in user applications. Recently, however, the controversy around Sony's use of a rootkit last year brought rootkits back into the news.

That's bad, the researchers say. The heightened awareness, combined with the fact that most security software can't accurately detect rootkits, got spyware companies interested in using the technology to hide their keystroke loggers and other malware from users and security software alike. The researchers have dubbed this new convergence rootware. They noted that rootkits have good uses as well as bad, which makes detection and remediation difficult: they cited the similarity between ZoneAlarm, which offers kernel-based firewall protection, and the UAY rootkit from China, which uses many of the same processes as ZoneAlarm.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.