Rootkits getting more devious
Rootkit attacks are becoming harder to remove because they are “residing deeper in the operating system”, an antivirus firm warned today.
“Rootkits are continuing to get more stubborn and are penetrating at the kernel mode level where previously they were attacking the user mode level,” said Ed Kim, director of product management at Symantec.
Symantec’s recent acquisition of VXMS technology from Veritas allowed it to add protection for rootkit attacks to its latest consumer security products.
“The software compares files at the OS file system as well as at the NTFS and if we see a difference then we know there is something that is trying to serve itself,” said Kim.
“We are able to make a copy of that rootkit, that driver, and once we have a copy it can be clearly identified by our antivirus engines.”
Kim explained that once the file is identified it can be renamed so that any items trying to access it are “unstealthed” because they can no longer find that driver.
Symantec has also added phishing detection abilities to its security software and aims to take the practice further than consulting a blacklist of websites.
“Phishing is the number one problem today,” Kim said. “Phishing websites come up and down within a few hours and the time it takes to develop a blacklist can be significant.”