Rootkit attacks are becoming harder to remove because they are "residing deeper in the operating system", an antivirus firm warned today.
"Rootkits are continuing to get more stubborn and are penetrating at the kernel mode level where previously they were attacking the user mode level," Ed Kim, director of product management at Symantec, told vnunet.com.
Symantec's recent acquisition of VxMS technology from Veritas allowed it to add protection for rootkit attacks to its latest consumer security products, which are due out next month in the UK.
"The software compares files at the OS file system as well as at the NTFS and if we see a difference then we know there is something that is trying to serve itself," said Kim.
"We are able to make a copy of that rootkit, that driver, and once we have a copy it can be clearly identified by our antivirus engines."
Kim explained that once the file is identified it can be renamed so that any items trying to access it are "unstealthed" because they can no longer find that driver.
Symantec has also added phishing detection abilities to its security software and aims to take the practice further than consulting a blacklist of websites.
"Phishing is the number one problem today," Kim said. "Phishing websites come up and down within a few hours and the time it takes to develop a blacklist can be significant."
According to Kim, Symantec has added advanced heuristics technology from its acquisition of Whole Security to Norton Internet Security.
"Whole Security had behavioural technologies and was the first to protect eBay users and TD Waterhouse and a number of different banks," said Kim.
Rootkits getting more devious
By Matt Chapman on Sep 21, 2006 9:58AM