BitDefender has joined a growing list of security vendors testing tools for rootkit detection and cleanup.
The anti-virus vendor, a division of Softwin based in Bucharest, Romania, on July 7 lifted the wraps off a new anti-rootkit utility that promises to spot and delete stealthy software programs that are used by malicious hackers to hide malware.
BitDefender's rootkit cleaner will be available as a free stand-alone utility for registered beta testers.
The company's immediate plan is to add rootkit-detection features to its product suite, starting with the next iteration of its consumer Internet security suite.
In an interview with eWEEK, Vito Souza, North American marketing coordinator for BitDefender, said the startling rise in rootkit infections on Windows machines has made it mandatory for security products to include rootkit-detection capabilities.
According to data culled from Microsoft's MSRT (Malicious Software Removal Tool), rootkits on Windows machines are a “potential emerging threat.” Of the 5.7 million machines cleaned by the tool since January 2005, 14 percent were infected with a rootkit.
In 20 percent of the cases when a rootkit was found and removed, at least one back-door Trojan was also found, confirming suspicions that rootkits are being used to hide other pieces of malicious software from anti-virus scanners.
Microsoft has added detections for some types of rootkits to its Windows Defender desktop product, and several other security vendors—most notably F-Secure and Winternals—have shipped highly rated anti-rootkit utilities.
Security researchers are continuing to push the envelope to find ways that hackers could make rootkits harder to find. Just recently, Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, warned of a new Blue Pill concept that is capable of creating malware that remains “100-percent undetectable,” even on Windows Vista x64 systems.
Blue Pill uses Advanced Micro Devices' SVM/Pacifica virtualization technology to create an ultrathin hypervisor that takes complete control of the underlying operating system. Malware researchers at Microsoft have also built a virtual machine rootkit and warned that the threat will multiply significantly.