McAfee, Inc. today announced the availability of ‘Rootkits - Part 2 a Technical Primer,’ a whitepaper designed to help IT security professionals better understand the technologies that make stealth possible on the Microsoft Windows platform. The paper also helps IT professionals examine the basic security architecture of Windows and explore several methods used by malware authors to hide files, processes and registry keys.
The whitepaper is part two in a series on Rootkits, and is available for download through the McAfee Threat Centre:
http://www.mcafee.com/us/threat_center/default.asp.
McAfee’s findings suggest that these new techniques will continue to challenge the security community, as hackers create stronger and more virulent strains of malware that will prove difficult to detect and delete.
Rootkit is a term commonly used to describe malware, such as Trojans, worms and viruses, that actively conceals its existence and actions from users and other system processes. It is associated with the term “stealth” because it uses technologies to hide any trace of intrusion.
“The number of Rootkits submitted to McAfee Avert Labs in the first quarter of 2007, compared to the first quarter of 2006, has decreased by 15 percent, demonstrating that we are getting better at capturing existing families and existing techniques,” said Patrick Hayati, Regional Director, McAfee Middle East.
“Rootkit techniques, which were new in the first quarter of 2006, basically included Trojans that were trying to incorporate Rootkit behaviour. Today, we see more samples from existing Rootkit families, whereas new families that employ Rootkit techniques have slowed down.”
Over the past five years, McAfee has seen a significant increase in the number of Windows-based stealth components. Only 27 Rootkit components existed in 2001, whereas almost 2400 Rootkit components were found in 2006. McAfee Avert Labs expects to see more than 2,000 Windows-based stealth components by the end of 2007, demonstrating that these technologies are here to stay.
About McAfee Avert Labs
McAfee Avert Labs maintains a top-ranked global security threat and research organization, employing researchers in sixteen countries around the globe. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise.
About McAfee Inc.
McAfee, Inc. is the leading dedicated security technology company. Headquartered in Santa Clara, California, McAfee delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com
NOTE: McAfee and Avert are registered trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2007 McAfee, Inc. All Rights Reserved.