The Next Microsoft Windows Internet Epidemic Exposed

SpyCop today announced that RootKits are the next great Internet epidemic. A RootKit is a program installed into a system at a very low level, giving it free reign over a user's computer. This usually involves installing a "fake" device driver into Windows. Because device drivers have free reign over the hardware and software running around them, these RootKits can permit everthing from hacker breakins to identity theft.

(PRWEB) November 29, 2005 -- SpyCop today announced that RootKits are the next great Internet epidemic. A RootKit is a program installed into a system at a very low level, giving it free reign over a user's computer. This usually involves installing a "fake" device driver into Windows. Because device drivers have free reign over the hardware and software running around them, these RootKits can permit everthing from hacker breakins to identity theft.

RootKits have been around since the home PC was invented, but only recently have RootKits made headlines largely because Sony BMG decided to implement a DRM system using RootKit technology. This secretly installed software was at such a low level that the rootkit could be exploited by hackers. It didn't take long before malicious trojans and backdoors popped up based on the Sony Rootkit. RootKits are also used by script kiddies who form BotNets, or advertising systems whereby a rootkit is used to make their advertising Bot undetectable. They make money from their affiliate programs with the advertisers. Lastly, a few commercial spy programs have begun to use RootKit technology to install a keylogger as a system device driver. This makes them very stealthy and opens potential backdoors to outside hackers.

Detecting RootKits is difficult from a programmatic point of view. Any program run after the RootKit loads is at the RootKit's mercy. Fortunately, most RootKits have a fatal flaw - they try to hide themselves. This is where products such as SysInternals RootKitRevealer and Microsoft's Strider GhostBuster come into play. From Microsoft's GhostBuster site: "Strider GhostBuster detects API-hiding rootkits by doing a "cross-view diff" between "the truth" and "the lie". It's not based on a known-bad signature, and it does not rely on a known-good state. It targets the fundamental weakness of hiding rootkits, and turns the hiding behavior into its own detection mechanism." Lastly, a brute force dedicated spy scanner such as SpyCop can be used to seek out rootkit based surveillance programs by scanning all files on a user's drive.

"The recent flurry of activity regarding RootKits will no doubt have the same results that all publicity does. Hackers and software developers will create products that will exploit the holes in RootKits and attempt to use them to their own advantage.", explains SpyCop Founder Grey McKenzie. "RootKits are being used more and more with Botnet rings being just the beginning of things to come."

Web Links -

SysInternals RootKit Revealer - http://www.sysinternals.com/Utilities/RootkitRevealer.html

Microsoft Strider GhostBuster - http://research.microsoft.com/rootkit/

SpyCop Scanner - http://www.spycop.com/products.htm

ABOUT SPYCOP:

SpyCop, LLC is the only company in the security industry to develop DEDICATED software designed to protect the general public from so called "undetectable" commercial surveillance spy software. SpyCop, LLC is a privately held company that has been providing the top surveillance spy detection solution since November 2000. The SpyCop® software for Microsoft Windows continues to be the leading dedicated surveillance scanner on the market.

PRODUCT EVALUATION:

http://www.spycop.com/download.htm

CONTACT:

SpyCop, LLC

Grey McKenzie - Founder

Web - http://www.spycop.com/press007.htm

# # #