If, for instance, the rootkit modifies the Windows function that lists directory contents, neither Windows Explorer nor the 'DIR' command shows the folder's contents. Virus scanners relying on these functions cannot detect files and folders hidden by this technology. Yet the malware files still exist on the hard drive.
"While in the past, viruses were designed to propagate fast and focus attention by wreaking havoc on entire networks, new threats like spyware and botnets are designed to remain undiscovered on affected systems as long as possible," says Justin Doo, regional director, Trend Micro Middle East and Africa.
"Rootkit technologies allow spyware and bots to hide their files and configurations from the user and sometimes even evade detection from virus-scanners."
Effective protection against rootkits requires a three-fold approach: prevention, bypassing possibly compromised OS functions, and behavior monitoring. Rootkits and rootkit-enabled malware are typically spread by email, spam, instant messaging and vulnerability exploits. Trend Micro can prevent rootkits from being downloaded with gateway and endpoint security solutions that can identify rootkits effectively before they have been executed and installed.
"This threat is not likely to disappear any time soon. We will probably see more and more financially motivated malware using this kind of stealth technique to hide itself and stay on affected systems longer," adds Doo.

Posted by Anne-Birte Stensgaard, Senior News Editor
