Rootkit - A New Threat? Protect Yourself
www.yourforum.gr
post 25 Oct 2005, 02:57 PM
Post #1



Group: Admin
Posts: 31721
Joined: 8-July 05
Member No.: 121



The Threat - Rootkits


What is a rootkit?

The term rootkit is very old and dates back to the days when UNIX ruled the world. Rootkits for the UNIX operating system were typically used to elevate the privileges of a user to the root level (=administrator). This explains the name of this category of tools.

Rootkits for Windows work in a different way and are typically used to hide malicious software from, for example, an antivirus scanner. Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what was known as full stealth viruses in the MS-DOS environment.

How dangerous is a rootkit?

The rootkit itself does typically not cause deliberate damage. Its purpose is to hide software. But rootkits are used to hide malicious code. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit.

The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The threat from modern malware combined with rootkits is very similar to full stealth viruses that caused a lot of headache during the MS-DOS era. All this makes rootkits a significant threat.

How common is the problem?

There are currently several spyware programs and viruses that use rootkits to hide. There are also a couple of publicly reported intrusions where rootkits have been used (for example the theft of the Half-Life 2 source code).

Rootkits are already quite common in spyware programs but not as common in viruses. There is clear evidence that rootkits are a technique that works in practice. But the actual threat is still small compared to the potential of this technique.

What malware uses rootkit techniques?

First of all, "real" rootkits such as Hacker Defender and FU, of course. Then some spyware/adware programs such as EliteToolbar, ProAgent, and Probot SE. Some Trojans such as Berbew/Padodor and Feutel/Hupigon, and also some worms e.g. Myfip.h and the Maslan-family.

Shouldn't antivirus detect rootkits before they go into hiding?

Yes, and in some cases it will. However, rootkits are usually distributed in source code and that means a hacker can modify the rootkit until antivirus products no longer detect it. In fact, many rootkit and Trojan authors sell "undetection service" to their "customers". This means that for a certain amount of money they guarantee that the rootkit binary they sell is not at that point detected by any antivirus vendors. There are also some other features in modern antivirus products that may detect rootkits. For example F-Secure Internet Security 2005 has a feature we call "Manipulation Control". It is a behavioral blocking mechanism that prevents malicious processes from manipulating other processes. This will prevent the activation of some rootkits, but not all.

What's the forecast for rootkits?

Rootkits are already quite common in the spyware field and they are becoming more commonly used among virus authors as well. Virus writers of today are becoming more professional and have a business purpose for their activities. They certainly have the skills and motivation to implement the added complexity that rootkits introduce in a virus or worm.

Rootkits can make hidden backdoors or spam-relays in infected computers useful for a much longer time. There is reason to believe that the use of rootkits will increase in the future.

Source: F-Secure



www.yourforum.gr
post 25 Oct 2005, 02:59 PM
Post #2





What is F-Secure BlackLight?

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.

What are the key benefits of F-Secure BlackLight Rootkit Elimination Technology?

F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can't detect active rootkits.
On a normal system F-Secure BlackLight does not confront the user with a long list of suspected objects. This makes F-Secure BlackLight useful even for non-technical users.
F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.

For whom is F-Secure BlackLight intended?

F-Secure BlackLight is intended for all computer users who want additional security by checking their system for rootkits. F-Secure BlackLight is suitable for use in both home and business environments.

How can I try F-Secure BlackLight Rootkit Elimination Technology?

NOTE: Stand-alone BlackLight beta's expiration has been extended until 1st of January 2006. An integrated BlackLight engine has been included in the F-Secure Internet Security 2006 suite.

Try Blacklight BETA


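The posts above describe finding objects that a rootkit hides from ordinary tools. As an added example (not part of the original posts, not F-Secure's code and not a description of how BlackLight works), here is the general cross-view idea on Linux: compare the `/proc` directory listing with direct per-PID probes, and re-check each hit so that processes starting or exiting during the scan are not reported. The function names, the `max_pid` default and the sample views are assumptions constructed for illustration.

```python
import os

def listed_pids(proc="/proc"):
    """View A: PIDs the directory listing admits to (what ps-style tools enumerate)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def probe_pid(pid, proc="/proc"):
    """View B: ask for one PID directly. True only for a live thread-group leader;
    plain threads also answer under /proc/<tid> but are never listed, so skip them."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def hidden_pids(list_view=listed_pids, probe=probe_pid, max_pid=32768):
    """Cross-view diff: PIDs that answer a direct probe but are missing from the listing.
    The listing is taken before and after probing and every hit is probed twice, so a
    process that starts or exits mid-scan is not reported as hidden.
    max_pid=32768 is an assumed default; the host's limit is in /proc/sys/kernel/pid_max."""
    before = list_view()
    candidates = [p for p in range(1, max_pid + 1) if p not in before and probe(p)]
    after = list_view()
    return sorted(p for p in candidates if p not in after and probe(p))

def demo():
    """Constructed sample views (not real scan data): PID 4242 answers probes but is
    filtered from both listings; PID 5000 starts during the scan and appears in the
    second listing; PID 6000 exits before the second probe."""
    listings = iter([{1, 200, 300}, {1, 200, 300, 5000}])
    probes = {4242: iter([True, True]), 5000: iter([True, True]), 6000: iter([True, False])}
    def probe(pid):
        return next(probes[pid], False) if pid in probes else pid in {1, 200, 300}
    return hidden_pids(lambda: next(listings), probe, max_pid=7000)

if __name__ == "__main__":
    print("constructed demo:", demo())
    if os.path.isdir("/proc/self"):
        print("this host:", hidden_pids())
```

A rootkit that also filters the direct probe defeats this user-mode comparison, so an empty result does not prove the host is clean.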
www.yourforum.gr
post 22 Mar 2006, 04:12 PM
Post #3






Future Threats Are Coming Closer

Did you know that it is possible to hide spyware or a virus in a way that will fool even the traditional antivirus products?
Some spyware programs are already using so-called rootkits to hide deep in the system. And, virus authors are joining in. Learn more about the threat called rootkit.



The Cure - Innovative New Technology

Now, there is a cure, F-Secure BlackLight Rootkit Elimination Technology. And, it's time to find out whether your computer is infected by invisible rootkits. Read more about this innovative counter-measure F-Secure BlackLight™.



NickTheGreek
post 18 Aug 2006, 09:10 AM
Post #4



Group: Admin
Posts: 118202
Joined: 3-June 05
From: Athens, Greece
Member No.: 1



F-Secure BlackLight 2.2.1046 Beta

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables it to detect objects that are hidden from the user and security software.

F-Secure BlackLight is able to correctly ignore non-malicious objects and alerts only on real rootkits, which makes it useful even for users without technical knowledge. It is also able to deal correctly with files that have been modified during the scanning process. This makes it possible to use it in the background without interrupting normal work.

Rootkits for Windows work in a different way and are typically used to hide malicious software from, for example, an antivirus scanner. Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what was known as full stealth viruses in the MS-DOS environment.
The rootkit itself does typically not cause deliberate damage. Its purpose is to hide software. But rootkits are used to hide malicious code. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit.
The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The threat from modern malware combined with rootkits is very similar to full stealth viruses that caused a lot of headache during the MS-DOS era. All this makes rootkits a significant threat.

Homepage - http://www.f-secure.com/blacklight

Size: 799 KB

Download Freeware


--------------------

c:\ When the going gets tough, the tough get going ...
Aciid
post 29 Aug 2006, 07:55 PM
Post #5



Group: Members
Posts: 5
Joined: 29-August 06
Member No.: 2424



Well, as far as I know rootkits have been around really long. Not like they're not dangerous but you can admin like an entire server, as is said in the F-Secure report.
Hiding the cracker and its files and processes. So it's only dangerous in wrong hands :( Myself, I'm fearing it greatly because I use Linux as a primary OS.
I have SuSE 10.0 32bit x86. I don't use Windows any more because it has much more problems and leaks and leafs :D
But I'm quite sure about my privacy & security, that I can't get attacked and cracked.