    UConn Finds Rootkit in Hacked Server

    By Ryan Naraine - June 27, 2005

      The University of Connecticut has detected a rootkit on one of its servers, almost two years after the stealth program was placed there by malicious hackers.

      The rootkit was found on a server that contains names, social security numbers, dates of birth, phone numbers and addresses for most of the university's 72,000 students, staff and faculty, university officials confirmed Monday.

      “Although there is no evidence indicating that this personal data was accessed or extracted, [we are] contacting everyone whose identity may have been put at risk,” UConn said in a notice posted online.

      The rootkit was first placed on the server during a system compromise on October 26, 2003, but was only detected one week ago, on June 20.

      UConn said the attack took advantage of an insecure service for which no vendor patch was available, but stressed that an analysis of the computer showed that the original compromise was incomplete.

      Part of the original October attack involved the installation of a “back door” to allow the hacker to remotely control the hijacked server, but the installation failed, the school said.

      “The nature of the compromise indicates that the server was breached during a broad attack on the Internet, and was not the target of a directed attack. Therefore, the attacker most likely had no knowledge of the kind of data on the server,” it added.

      UConn is the first high-profile institution to publicly acknowledge the presence of a rootkit on a compromised server, but security researchers believe the threat is widespread and underreported.

      Mark Russinovich, chief software architect at Winternals Software LP, said the UConn discovery was not at all surprising. “My guess is that there have been other discoveries in other places but we just haven't heard about this. When someone does disclose the fact they found some malware on a server, I don't always expect them to be fully upfront about what it is,” Russinovich said in an interview with Ziff Davis Internet News.

      Russinovich, who is also co-founder of the Sysinternals.com site, which offers a free Rootkit Revealer utility, said he believes the use of rootkits in malware attacks will “explode over the next six months.”

      “We already know that some pieces of spyware are already using rootkit techniques in a primitive format. This is going to be the wave of the future, where spyware programs are trying to try to look more and more like legitimate pieces of the operating system,” he added.

      “I think, eventually, anti-spyware, anti-virus and rootkit detection will become the same thing. That's the only way to realistically deal with it,” Russinovich said.

      Sam Curry, vice president of eTrust security management at Computer Associates International Inc., said UConn officials should be applauded for coming clean about the discovery.

      “I'm not at all surprised by this discovery. We knew this was possible,” Curry said. “It's refreshing to see the way UConn handled this.”

      “It was a very responsible thing to come out and say what they found and share the information with the community. It is very important to see what these big institutions are dealing with,” he added.

      Sysinternals is not the only software vendor flagging rootkits as a growing threat. F-Secure Inc. is currently testing a tool called BlackLight and plans to integrate the tool's rootkit-detection capabilities into its anti-virus, firewall, intrusion-detection and anti-spyware products.

      Researchers at Microsoft have released Strider GhostBuster Rootkit Detection, a prototype tool capable of finding registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

      Microsoft has also added rootkit-detection and removal capabilities to its malware zapper, which is updated every month.
