About

This page contains a single entry from the blog posted on February 26, 2007 8:34 AM.

Something to be very nervous about

In December 2006, F-Secure researcher Kimmo Kasslin wrote a paper, "Kernel Malware: The Attack from Within", and a presentation that outlined the growth of rootkit malware attacks. What made these very interesting and worrisome was the following:

1. While rootkit attacks still only make up a small percentage of overall attacks, they are growing very quickly.
2. He indicates in his paper that most anti-virus and other malware detection solutions are either incapable of detecting the rootkit or, if they do detect it, are very weak at removing it.
3. He also indicates the extreme damage that the rootkit can do to an enterprise.

This warning also fits in with a blog I wrote in the fall, "Finding and removing rootkit attacks - How secure do you feel?". That blog was based on tests Symantec released comparing itself to other vendors on rootkit attack detection and removal.

The enterprise firewall, intrusion prevention and identity authentication schemes can be relatively easily bypassed via rootkits. Take note!

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
