A new type of malware, or rather an emerging technology used by malware and spyware, is gaining relevance: rootkits. When this malware is executed and installed, it modifies the Windows API library and redirects function calls used by Windows components and applications to hide its presence on the system.
If, for instance, the rootkit modifies the Windows function that lists directory contents, neither Windows Explorer nor the ‘DIR’ command shows the folder content. Virus scanners relying on these functions cannot detect files and folders hidden by this technology. Yet, the malware files still exist on the hard drive.
“While in the past, viruses were designed to propagate fast and focus attention by wreaking havoc on entire networks, new threats like spyware and botnets are designed to remain undiscovered on affected systems as long as possible,” says Justin Doo, regional director, Trend Micro Middle East and Africa. “Rootkit technologies allow spyware and bots to hide their files and configurations from the user and sometimes even evade detection from virus-scanners.”
Effective protection against rootkits requires a three-fold approach: prevention, bypassing possibly compromised OS functions, and behavior monitoring. Rootkits and rootkit-enabled malware are typically spread by email, spam, instant messaging and vulnerability exploits. Trend Micro can prevent rootkits from being downloaded with gateway and endpoint security solutions that can identify rootkits effectively before they have been executed and installed.
“This threat is not likely to disappear any time soon. We will probably see more and more financially motivated malware using this kind of stealth technique to hide itself and stay on affected systems longer,” adds Doo.
About Trend Micro, Inc
Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at www.trendmicro.com.
# # #
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate at the time it was written and is subject to change without notice.