Tuesday, 31 July 2007

McAfee Rootkit Detective Sniffs out Hidden Malware

McAfee has introduced its latest security tool, Rootkit Detective, claiming its ability to help computer users clean their machines of increasingly prevalent hidden malicious codes known as rootkits.

A free tool, the Rootkit Detective lets computer users look under the hood of their PC operating system and could be used, for example, when there are signs of a compromise, such as a sudden slowdown or suspicious network activity.

Cybercrooks use rootkits to hide other nefarious programs on compromised PCs. In 2006 the number of rootkits hit 3,284 and has already more than doubled in the first half this year to 7,325. Malicious rootkits are sold on underground online markets. Some hackers even create custom rootkits for payment. Often the software is used to hide a backdoor on a computer that lets miscreants enter surreptitiously. Typically a rootkit arrives in a Trojan horse or via a malicious download. Some adware makers use rootkits to cover up their software.

Developed by Avert Labs--McAfee’s global security threat and research organisation-- the solution apparently uncovers hidden processes, registry entries and files and lets users safely remove or disable them upon system reboot. In addition, Rootkit Detective can scan the integrity of a PC’s kernel memory and display any modification, which may also point to a system compromise.

Using Rootkit Detective, consumers and businesses can submit samples to Avert Labs. After analyses, a signature for the rootkit is created and added to McAfee's client security products for enhanced rootkits detection and protection capabilities.

According to MaAfee, since the initial trial release of Rootkit Detective in January, the application has been downloaded over 110,000 times.

Rootkit Detective is available at: http://vil.nai.com/vil/stinger/rkstinger.aspx