As I have written before rootkits are gaining widespread attention. Now, I should point out that these are nothing new. For the uninitiated a rootkit is a collection of tools a hacker (or nefarious organization) can use after having compromised a system. Once root level access has been gained a rootkit’s purpose is to maintain that access in such a way as to avoid detection. Sometimes the hacker will install rogue versions of applications. One example would be changing notepad.exe to run a trojanized version on windows or changing the “LS” command to open a listening port on a *nix system. The user at that point unwittingly participating in their own compromise. The more dangerous rootkits are ones such as the Adore rootkit, have hooks into the kernel. This allows to the rootkit to manipulate the kernel and avoid detection. The Sony rootkit has managed to bring this malware right to the forefront in the media. This was first brought to light by Mark Russinovich at the end of October 2005. This rootkit was capable of sending a users personal information back to Sony without the users knowledge, let alone consent. This cause was championed by the folks at the EFF and eventually led to the legal community taking notice. It’s amusing to me to see how this had developed into a story that the mainstream media was not been quick to pick up on and in the case of CNN…removed from their site altogether.
