
Rootkits leave antivirus systems powerless

by Iain Thomson


18 Mar 2005


An increasing number of virus writers are using so-called 'rootkit' technology to create malware that is invisible to existing antivirus packages, IT security experts warned today.

Rootkits have been around on Unix systems for about 15 years, but the technology has only recently appeared on Windows systems, according to security firm F-Secure.

They allow hackers to hide spam servers, stolen media and illegal content on infected computers, and provide a backdoor that gives full administrator privileges to those who know how to access it.

"A Windows rootkit is a stealth technique for hiding files. But it does it at the kernel level, rather than at the application level," explained Patrick Runald, senior technical consultant at F-Secure.

"As such, virtually none of the current antivirus products can detect a rootkit at work. You can bet they all will, but that will take about six months and the rootkits are being used now."

Two recent viruses, Myfip.H and Maslan.A, both had stealth features borrowed from rootkits, according to Runald.

Dr Emlyn Everitt, a consultant at Logicalis and the first person in Britain to gain a PhD in intrusion prevention, added: "The key to any hacking attack is privilege escalation.

"Most security-conscious people will have limited PC privileges. These rootkits allow you to escalate the privileges and get full control, and they can be easily customised to get past antivirus security."
