The term rootkit entered more people’s lexicon when it was used to describe the Sony Digital Rights Management software. Spyware vendors have been using rootkits to prevent the uninstallation of their malware. Increased usage of antispyware products, and their incorporation into antivirus products, has pushed these vendors toward less obvious and more lasting methods.
Gregg Keizer of TechWeb reports:
Richard Stiennon, director of threat research for anti-spyware vendor Webroot, agrees that rootkits are being used by spyware and adware vendors.
“In the first half of the year, all we really saw was proof-of-concept code rootkits in spyware,” says Stiennon. “Once they got that to work, though, since May really, we’ve seen several different rootkits in use.”
There are dozens of simple ways to hide from the Windows file system, some enough to defeat elementary defenses, notes Stiennon, but the more sophisticated spyware suppliers have turned to rootkits. “It’s still a minority of the spyware and adware that’s using rootkits,” he says. “But it’s the cutting edge for them. All the new stuff we’re seeing uses rootkit techniques.
“It’s more important to hide if you rely on revenue-generating software that most people want to uninstall,” he adds.
It’s more important now than ever to make sure your antivirus and antispyware products are able to detect rootkits, as this problem is only going to get worse.