Enterprise anti-virus vendor Sophos on Aug. 23 released a free rootkit detection and removal tool alongside a warning that the stealthy malware threat is a legitimate security concern for businesses.
Sophos, of Lynnfield, Mass., said its rootkit cleaner offers an easy-to-use interface to scan all running processes, local hard drives and the Windows registry for rootkits.
The company joins a growing list of Internet security vendors adding rootkit-scanning capabilities to their product lines. Finnish anti-virus outfit F-Secure offers the BlackLight rootkit clean-up utility, while BitDefender and others are beta testing similar offerings.
Offensive rootkits, which are typically used by malicious attackers to hide malware on Windows machines, gained mainstream media prominence in November 2005 when it was discovered that Sony BMG used stealthy techniques on music CDs to hide a DRM (digital rights management) scheme.
Rootkits are programs that are used to give a remote user persistent access to a compromised system while avoiding detection from security scanners.
According to statistics from Microsofts malicious software removal tool, rootkits present a "potential emerging threat," but Sophos said a recent Web poll of 335 business users found that 55 percent of respondents worry that a rootkit might infect their computers. A surprising 37 percent admitted to not knowing what a rootkit was, the company said.
Now the company has released a free scanner that promises to identify known rootkits and selects, by default, malicious files for removal. Sophos said the tool will remove the rootkit component of the malware without compromising OS integrity.
The rootkit detection and clean-up tool will allow users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
Once the user runs a scan, Sophos said the screen prompts the user through the necessary steps until every rootkit has been removed.