The use of rootkits to conceal both malware and commercially viable Potentially Unwanted Programs (PUPs) is on the rise, new research warned today.
According to the latest report from McAfee's AVERT Labs, in the last three years alone the incident rate of stealth technology has increased by more than 600 percent. The study considers malicious programs using stealth technology to be rootkits, distinct from commercial applications that use stealth technology.
McAfee said the sudden rise of stealth technologies may be attributable to online collaborative research efforts using websites that contain hundreds of lines of rootkit code, available for recompiling, adapting and improving, along with rootkit binary executables.
With the availability of rootkit code and stealth creation kits, malware authors can more easily hide processes, files and registry keys, without detailed knowledge of the target operating system.
The report warns that the power and versatility of stealth technologies have driven their spread into nearly every known form of malware: "Their popularity has grown beyond malware into mainstream commercial software, with some security software vendors and consumer electronics firms recently being 'outed' for using stealth technologies in their products," McAfee stated.
The research indicates that Windows-based stealth components dominate the landscape, with an increase of 2,300 percent recorded by AVERT from 2001 to 2005.
The "open-source" environment, along with online collaboration sites and blogs, is blamed for the increased proliferation and complexity of rootkits.
"Clearly we are seeing that stealth technologies, and rootkits specifically, are increasing at an alarming rate," said Stuart McClure, senior vice president, global threats at McAfee. "This trend in malware evolution is creating hardier and ever more virulent strains of malware that will continue to threaten businesses and consumers alike."