Rootkit use is growing exponentially, and rootkits are becoming more sophisticated, according to a new report that makes worrying reading for Windows users. The malware family has grown from 27 components to 2,400 in the past five years, according to McAfee. "The legitimising effect of commercial software that employs stealth technologies to cloak its files and processes only reinforces the reality that these technologies are here to stay," the company said in its report, Rootkits Part 2: A Technical Primer.
Rootkits are malicious software that operates invisibly to users by hiding its files, processes and registry keys. As security companies have introduced scanning methods, such as scanning active memory, to combat early rootkits, malware authors have made their code more sophisticated. The latest proof-of-concept rootkits, such as Blue Pill, use virtualisation technologies to operate outside the OS.