Symantec has discovered a new rootkit called Backdoor.Rustock.A which could give computer users a serious headache in the future.
The rootkit is virtually undetectable by virus scanners because it cunningly avoids using the standard method of infiltration, as Ars Technica explains. Virus software counts the number of processes running at a very high level, then the number at a very low level. If the two are the same, then everything is fine. If there is an extra process running at the low level, you know you've got a rootkit.
Rustock.A, however, hides its work within other processes such as driver and kernel operations, meaning that it doesn't alter the process count, so virus software will not realise it is there.
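The count comparison described above, and the reason it misses code hosted inside an existing process, shown as an added example on constructed data (it is not code from Symantec or Ars Technica; the PIDs, names and the `scan` function are made up for illustration). It compares PID sets rather than bare counts, a slight generalization of the check in the text.

```python
# Constructed data: no real system is queried, and every name here is made up.
# A view maps PID -> {"name": str, "threads": [component that owns each thread]}.

def scan(high_view, low_view):
    """Compare an API-level process list with one read at a low level."""
    hidden = sorted(set(low_view) - set(high_view))
    return {
        "count_delta": len(low_view) - len(high_view),  # the check in the text
        "hidden_pids": hidden,                          # which PIDs, not just how many
        "alert": bool(hidden),
    }

BASE = {
    4:   {"name": "System",       "threads": ["kernel", "storage-driver"]},
    612: {"name": "services.exe", "threads": ["services.exe"]},
}

def copy_view(view):
    """Deep-copy a view so the scenarios do not share thread lists."""
    return {pid: {"name": p["name"], "threads": list(p["threads"])}
            for pid, p in view.items()}

def classic_rootkit_views():
    """A separate malicious process that is filtered out of the high-level view."""
    high, low = copy_view(BASE), copy_view(BASE)
    low[1337] = {"name": "hidden.exe", "threads": ["hidden.exe"]}
    return high, low

def in_process_rootkit_views():
    """Malicious code running as an extra thread inside an existing process."""
    high, low = copy_view(BASE), copy_view(BASE)
    low[4]["threads"].append("unknown-driver")  # extra work, same process list
    return high, low

if __name__ == "__main__":
    for label, views in (("classic", classic_rootkit_views()),
                         ("in-process", in_process_rootkit_views())):
        print(label, scan(*views))
```

The second scenario produces no alert even though the low-level view holds an extra thread, because the check only ever looks at the process list.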
It can also change its code and alter its behaviour when it detects a virus scanner running.
The code is basically proof of concept at the moment, but expect to see a heck of a lot more of this type of virus in the future, as those seeking to take control of your machine get a lot more sophisticated. Clearly, virus scanners are also going to have to think about how to detect rootkits in a different way.