Internet security practitioners in attendance described the Shadow Walker prototype as "scary." "These guys are here showing us that we havent even scratched the surface where rootkits are concerned. You can use this technique for all kinds of dangerous things without the victim ever knowing," said Sunil Daya, a senior security engineer with an IT services firm.Another attendee, who declined to be identified, said he was pleased that the research work done by Sparks and Butler was publicly discussed. "These are real-world threats that we have to be prepared for. Whats to say the spyware guys arent already doing this?" Sparks recommended that anti-virus vendors rethink the way rootkit scans are conducted and said the best solution to detecting a program like Shadow Walker would be a hardware memory scanner with access to read physical memory. The new research comes at a time when security researchers are discovering rootkit-like features in common spyware programs. Using rootkit techniques, sophisticated spyware coders are able to gain administrative access to compromised machines to run stealthy updates to the software or reinstall spyware programs after a user deletes them. Microsofts long-term plans for its Windows AntiSpyware application include the integration of rootkit detection technology from its Strider Ghostbuster research project. Rootkit detection is coming to Windows AntiSpyware. Click here to read more. Strider Ghostbuster is a prototype developed the software makers Cybersecurity and Systems Management Research Group to provides a straightforward way to detect Windows rootkits by comparing scan results between a clean system and one that may potentially be compromised. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
"The kernel rootkits we know about today are very powerful and sophisticated, but this takes it to a different level. It shows how far behind we are," Daya said, moments after listening to the presentation.