
Researchers dissect Linux server rootkit

by Shaun Nichols

21 Nov 2012


A recently discovered rootkit could provide researchers with insight on the direction being taken in the malware space, security experts have claimed.

Security researchers have begun issuing reports on an unnamed and previously unknown Linux rootkit posted earlier this month to a security mailing list.

While early analysis has found that the attack is relatively crude by Windows rootkit standards, it has caught the eye of vendors as it appears to be a commercially designed sample rather than one built for a targeted attack.

Researchers believe that the rootkit is intended for use on web servers, infecting 64-bit Linux kernels and then injecting further attack code into web pages.

The discovery of the rootkit could indicate that cybercriminals are increasingly looking to infect Linux systems with sophisticated attacks. Rootkits, which run at the kernel level of a system, have emerged as a favourite means for avoiding the detection of conventional antivirus software.

"Although the code quality would be unsatisfying for a serious targeted attack, it is interesting to see the cyber-crime-oriented developers, who have partially shown great skill at developing Windows rootkits, move into the Linux rootkit direction," security firm CrowdStrike wrote in its analysis of the malware.

"The lack of any obfuscation and proper HTTP response parsing, which ultimately also led to discovery of this rootkit, is a further indicator that this is not part of a sophisticated, targeted attack."

CrowdStrike researchers also suggested the attack is likely the work of a specially-contracted developer and has since been modified by the buyer.

Marta Janus, a researcher with Kaspersky Labs, suggested that the attack could also signal a shift away from high-level attacks on HTTP servers towards more sophisticated methods that infect the server itself and poison the web pages it hosts.

"This rootkit, though it's still in the development stage, shows a new approach to the drive-by download schema and we can certainly expect more such malware in the future," Janus wrote.
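The behaviour both vendors describe, a compromised server that serves pages differing from what it actually hosts, suggests a simple defender-side check: compare the page as returned over HTTP with the copy on disk and flag anything that was inserted on the way out. The script below is an added example written for this article, not code from V3, CrowdStrike or Kaspersky, and it assumes the on-disk copy is a trustworthy reference; both HTML samples are constructed, and the iframe URL is a placeholder.

```python
"""Added example: compare a page as served over HTTP with its on-disk source
and surface markup that was inserted (or dropped) in transit.

Assumptions, not taken from the article: the on-disk copy is trustworthy,
and the two HTML samples below are constructed, not captures from the
rootkit the article describes."""
import difflib
import re
from typing import Dict, List, Tuple

# Constructed reference copy of a page as stored on the server's disk.
EXPECTED_HTML = """<html>
<head><title>Welcome</title></head>
<body>
<h1>Hello</h1>
<p>Nothing to see here.</p>
</body>
</html>
"""

# Constructed copy of the same page as returned over HTTP, carrying one line
# the reference does not contain (the URL is a placeholder, not a real host).
SERVED_HTML = """<html>
<head><title>Welcome</title></head>
<body>
<h1>Hello</h1>
<p>Nothing to see here.</p>
<iframe src="http://placeholder.invalid/landing" width="1" height="1"></iframe>
</body>
</html>
"""

# Markup worth flagging when it appears only in the served copy: frames,
# scripts, plug-in objects, or any attribute loading a remote URL.
SUSPICIOUS = re.compile(
    r"<(iframe|script|object|embed)\b|src\s*=\s*[\"']?https?://", re.IGNORECASE
)


def diff_lines(expected: str, served: str) -> Tuple[List[str], List[str]]:
    """Return (inserted, missing): lines only in the served copy, and lines
    only in the reference. A non-empty 'missing' list points at a truncated
    or corrupted response rather than a straightforward insertion."""
    diff = difflib.unified_diff(
        expected.splitlines(), served.splitlines(), lineterm="", n=0
    )
    inserted, missing = [], []
    for line in diff:
        # Skip the '---'/'+++' file headers and '@@' hunk markers.
        if line.startswith("+++") or line.startswith("---") or line.startswith("@@"):
            continue
        if line.startswith("+"):
            inserted.append(line[1:])
        elif line.startswith("-"):
            missing.append(line[1:])
    return inserted, missing


def check_page(expected: str, served: str) -> Dict[str, object]:
    """Summarise the comparison: whether the served copy differs, which lines
    were inserted or lost, and which inserted lines look like attack markup."""
    inserted, missing = diff_lines(expected, served)
    flagged = [line for line in inserted if SUSPICIOUS.search(line)]
    return {
        "modified": bool(inserted or missing),
        "inserted": inserted,
        "missing": missing,
        "suspicious": flagged,
    }


def main() -> None:
    result = check_page(EXPECTED_HTML, SERVED_HTML)
    if not result["modified"]:
        print("served copy matches the on-disk reference")
        return
    print(
        f"{len(result['inserted'])} inserted line(s), "
        f"{len(result['missing'])} missing line(s), "
        f"{len(result['suspicious'])} suspicious:"
    )
    for line in result["suspicious"]:
        print("  ", line)


if __name__ == "__main__":
    main()
```

In practice the served copy would come from an HTTP request made from a separate, known-good host, since a kernel-level implant can lie to tools run on the infected machine itself; a clean diff from the server's own shell proves little.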
