Rootkit use is growing exponentially, as is its sophistication, according to a new report that makes worrying reading for Windows users. The malware family has grown from 27 components to 2,400 in the past five years, according to McAfee. “The legitimising effect of commercial software that employs stealth technologies to cloak its files and processes only reinforces the reality that these technologies are here to stay,” said the company in McAfee’s Rootkits Part 2: A Technical Primer.
Rootkits consist of malicious software that operates invisibly to users by hiding its files, processes and registry keys. As security companies have introduced scanning methods to combat early rootkits – such as scanning active memory – malware authors have made their code more sophisticated. The latest proof-of-concept rootkits, such as Blue Pill, use virtualisation technologies to operate outside the OS.