Uber-rootkits challenge security community

McAfee warns that stealth malware is getting more dangerous.

Rootkits are rapidly becoming more prolific and more virulent, IT security experts warned today.

McAfee reported that rootkits, including malware such as Trojans, worms and viruses that actively conceal their existence at a low level within operating systems, are becoming more prevalent and more sophisticated.

The security firm warned that rootkit techniques will continue to challenge the security community as hackers create more potent and more virulent strains.

"The number of rootkits submitted to McAfee Avert Labs in the first quarter of 2007, compared to the first quarter of 2006, has decreased by 15 percent demonstrating that we are getting better at capturing existing families and existing techniques," said Jeff Green, senior vice president at McAfee Avert Labs.

"Rootkit techniques, which were new in the first quarter of 2006, basically included Trojans that were trying to incorporate rootkit behaviour.

"Now we see more samples from existing rootkit families, whereas new families that employ rootkit techniques have slowed down."

McAfee reported seeing a significant increase in the number of Windows-based stealth components over the past five years. Only 27 rootkit components existed in 2001, while almost 2,400 rootkit components were found in 2006.

The company expects to see more than 2,000 Windows-based stealth components by the end of 2007, demonstrating that these technologies are here to stay.

The security firm today announced the availability of a whitepaper, Rootkits Part 2: A Technical Primer, designed to help IT security professionals better understand the technologies that make stealth possible on the Microsoft Windows platform.