Software giant Microsoft has warned users about a new generation of spyware that is almost impossible to detect. These programs will be launched as mass-mailing worms and will snoop around everyone's computer like there was no tomorrow. This new type of malware is the latest system-monitoring tool that hackers and spammers have put together, and they call them "rootkits".
The "rootkits" were the main topic for Microsoft's security researchers, who discussed them with industry representatives at the RSA Security Conference in San Francisco.
With names like "Hacker Defender", "FU" and "Vanquish", the programs are the latest generation of remote system-monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group. They are all used to control, attack or snoop for information on systems where the software has been installed, generally without the owner's knowledge, either by a virus or after a successful hack of the computer's defenses.
After installation, many "rootkits" run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.
The increasingly sophisticated rootkits and the speed with which techniques are migrating from rootkits to spyware and viruses may be the result of influence from organized online criminal groups that value stealthy, invasive software.
The kernel "rootkits" are invisible to many detection tools, including antivirus, host and network intrusion-detection sensors and antispyware products, the researchers said. In fact, some of the most powerful tools for detecting the "rootkits" are designed by rootkit authors, not security companies, they said.
Microsoft researchers have developed a tool called Strider GhostBuster that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences that may indicate that a kernel rootkit is running, according to a paper published by Microsoft Research.
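The comparison idea described above can be illustrated with file listings. This is an added example, not Microsoft's tool or code: it diffs a listing taken inside the suspect Windows installation against a listing of the same disk taken from a clean environment, and reports files the running system fails to show. The sample listings, the file names and the `VOLATILE` ignore patterns are constructed assumptions.

```python
import fnmatch
import ntpath

# Constructed listing taken from inside the running, suspect Windows.
SUSPECT_VIEW = r"""
C:\Windows\System32\drivers\disk.sys
C:\Windows\System32\kernel32.dll
C:\Windows\Temp\setup.log
C:\pagefile.sys
"""

# Constructed listing of the same volume taken from a clean environment
# (assumption: the disk is read while the suspect OS is not running).
CLEAN_VIEW = r"""
C:\WINDOWS\system32\drivers\disk.sys
C:\WINDOWS\system32\drivers\hidden_example.sys
C:\WINDOWS\system32\hidden_example.ini
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\Temp\boot.log
"""

# Assumed ignore list: paths that legitimately change between the two scans.
VOLATILE = [r"*\temp\*", r"*\pagefile.sys", r"*.log"]

def parse_listing(text):
    """Map case-folded path -> path as listed (Windows paths ignore case)."""
    entries = {}
    for line in text.splitlines():
        path = line.strip()
        if path:
            entries[ntpath.normcase(ntpath.normpath(path))] = path
    return entries

def is_volatile(norm_path):
    return any(fnmatch.fnmatchcase(norm_path, pat) for pat in VOLATILE)

def cross_view_diff(suspect_text, clean_text):
    """Return files visible in only one view, after dropping expected churn."""
    suspect, clean = parse_listing(suspect_text), parse_listing(clean_text)
    hidden = sorted(clean[p] for p in clean.keys() - suspect.keys()
                    if not is_volatile(p))
    extra = sorted(suspect[p] for p in suspect.keys() - clean.keys()
                   if not is_volatile(p))
    # "hidden": on disk but not reported by the suspect OS -> investigate first.
    return {"hidden_from_suspect_view": hidden, "only_in_suspect_view": extra}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(SUSPECT_VIEW, CLEAN_VIEW).items():
        print(kind, paths)
```

Without the ignore list, files that change between the two scans would show up as false differences.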