What's a rootkit? It's a hacker program that can be used to take over and monitor or control your system remotely. Some can even make changes to the operating system kernel!
Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or "rootkits," that are almost impossible to detect using current security products and could pose a serious risk to corporations and individuals.
The researchers discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco this week. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.
With names like "Hacker Defender," "FU" and "Vanquish," the programs are the latest generation of remote system-monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group.
The programs are used by malicious hackers to control, attack or ferret information from systems on which the software has been installed, typically without the owner's knowledge, either by a virus or after a successful hack of the computer's defenses, they said. Once installed, many rootkits run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.
Full Story
Here.
