Rootkits: Like a bad neighbor

Rootkits spy in through Windows to see what you are buying, then steal what they can, cloak their existence and leave the door open behind them so more intruders can follow. Not a friendly neighbor.

Rootkits, a set of spyware tools used by an intruder or hacker to access computer systems, files and personal information and then conceal their presence, are becoming an increasing problem for Internet users, and their sophistication is growing as their ability to hide from detection becomes stronger, according to a Gartner Research report.

The Gartner paper said that spyware attacks, along with an increase in identity theft and other fraudulent activities, soared from $690 million in 2004 to $1.5 billion last year.

"Viruses cause damage, delete files, corrupt data and are active participants in causing damage," said Anne Stanton, CPA and president of the Norwich Group, a national business and technology consulting group. "Spyware and rootkits collect data and send it over the Internet. It's like a bad neighbor: it opens the back door and leaves it open so other people can come and go as they please to steal passwords or data."

Though relatively new in the public eye, rootkits have been around roughly as long as such things as viruses, Trojans and other malicious software tools.

Public awareness of rootkits shot up last year following the Sony CD copy protection controversy. In an effort to stop customers from burning copies of its artists' CDs, Sony BMG Music Entertainment embedded a rootkit called Extended Copy Protection onto its audio CDs. Sony's XCP rootkit helped spread Windows-based worms and viruses that cloaked themselves with XCP's ability to hide within Windows.

Not all rootkits are bad, said Stanton. But even if they are there for marketing purposes, such as to view the shopping habits of a user, they are still compromising the privacy of users and their data so much that they can do just as much damage as a virus or Trojan.

McAfee Inc., a provider of security and risk-management software, announced in an April study conducted by its McAfee Avert Labs - the research arm of the company - that the incident rate of stealth technology has increased by more than 600 percent over the last three years. McAfee also noted that rootkits have become increasingly more complex each year, with online collaboration being a major factor in their spread and increased sophistication.

"Clearly we are seeing that stealth technologies, and rootkits specifically, are increasing at an alarming rate," said Stuart McClure, senior vice president of global threats at McAfee, in a statement. "This trend in malware evolution is creating hardier and ever-more virulent strains of malware that will continue to threaten businesses and consumers alike."

Rootkits.com, a Web site for users to post, chat about and share rootkit source code, currently has more than 41,000 anonymous members.

Protecting data

"Intellectual property is what we create - our accounting records, legal libraries, all the information on our computers," said Tommy Stephens, an Atlanta-based associate and independent consultant for business and technology consulting group K2 Enterprises. "And just as we all buy insurance for our physical properties to ensure our cars and homes are safe, we have to do the same to protect our intellectual property with good passwords, and antivirus and anti-spyware software."

Protecting against rootkits is the same as protecting against any other malware - follow good Internet practices first, and if things start to look suspicious, have a professional check for rootkits and other malware.

Some best practices include common-sense precautions such as not downloading anything questionable, like pictures or graphics from unknown sources, forwarded Web sites - even from friends or family - or any software programs that involve file sharing, like free music download sites.

A few warning signs that might be present if there is a rootkit or other spyware on a user's computer can include a PC opening programs and performing basic tasks much more slowly than it should for its age and model; Windows unexpectedly crashing; or unfamiliar windows or search tools appearing on a desktop that users don't recall being there before.

However, detection of rootkits is difficult because they mask themselves with the names, sizes and creation dates of legitimate files on a computer system. In response, anti-virus and anti-spyware providers are creating products to spot rootkits and other malware by operating at the "kernel," or core processing center, level. Operating at this level will detect sophisticated new spyware more easily, but may conflict with anti-virus software that also runs at the kernel level.
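Because a rootkit copies the name, size and timestamps of the file it replaces, a scanner that trusts those attributes sees nothing wrong. The added example below (not from the article or any vendor product) builds a baseline of content hashes and flags files whose metadata still matches while the bytes do not; the constructed scenario replaces a sample file with same-length content and restores the original modification time, since creation time cannot be set portably, so modification time stands in for the "creation dates" the article mentions.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    size: int
    mtime_ns: int   # modification time in nanoseconds, stands in for creation date here
    sha256: str


def snapshot(root):
    """Record size, modification time and SHA-256 of every regular file under root."""
    records = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            records[os.path.relpath(path, root)] = FileRecord(st.st_size, st.st_mtime_ns, digest)
    return records


def masquerading_files(baseline, current):
    """Paths whose size and timestamp still match the baseline but whose content hash does not."""
    return sorted(p for p, rec in current.items()
                  if p in baseline and rec.size == baseline[p].size
                  and rec.mtime_ns == baseline[p].mtime_ns
                  and rec.sha256 != baseline[p].sha256)


def demo():
    """Constructed scenario: a sample library is swapped for same-size content with the
    original timestamp put back, the way a rootkit borrows a legitimate file's attributes.
    Returns (what a size/date-only check flags, what the hash check flags)."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "system_library.dll")   # constructed file name
        with open(target, "wb") as f:
            f.write(b"legitimate code bytes")               # 21 bytes
        baseline = snapshot(root)
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"tampered code bytes!!")               # also 21 bytes
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore the original timestamp
        current = snapshot(root)
        naive = [p for p, r in current.items()
                 if r.size != baseline[p].size or r.mtime_ns != baseline[p].mtime_ns]
        return naive, masquerading_files(baseline, current)
```

A rootkit that hooks file reads in the kernel can feed the scanner the original bytes as well, which is why the vendors cited above move detection to the kernel level rather than relying on user-mode checks alone.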

Another rootkit protection tool is coming from Microsoft's new operating system, Vista, which is due out in early 2007. Vista will automatically default users to non-administrator roles, so they can't install software without first switching to the administrator role. Currently, Windows XP defaults to an administrator role, allowing users to install programs at will, which has contributed to much of the spread of viruses, worms and rootkits.

"We need to get back into the model of running on user or less-privileged mode," said CPA Stanton. "Downloading a rootkit is like having a time bomb on your computer: The intruder can set it off at any time."

MORE FROM ACCOUNTING TODAY