Monday, July 17, 2006

'Invisible' Rootkit Heralds Trouble Ahead

Legitimate researchers discovered this technique a month or so ago, but released very few details, for rather obvious reasons. Coders in Russia and elsewhere seem to have run with the ball and developed code that they released into the wild.

These rootkits (and there are already a couple, each with a variation or two) run inside normal processes, such as device drivers, and so are very, very hard to detect. I suspect detection is possible and those of us who do tech are going to have to scramble to keep up with the situation as it changes; not least finding and learning to use tools which can detect and remove these dangerous programs.

Jack

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.