IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 
 

Feature

 

Are Rootkits the Next Big Threat to Enterprises?

An investigation revealed an unauthorized kernel modification had caused the system to become unstable and compromised the system's security.
 

April 30, 2007InfoWorld — Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about US$4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them.

What MANDIANT found was that an unauthorized kernel modification had caused the system to become unstable, and that the modification had compromised the system's security as well. To determine the extent of the breach, each of the 48 servers needed to be taken offline, booted in a controlled environment, and analyzed for three to five hours each. About half had the crack installed, forcing the company to assume that all credit card information had been compromised. What had first seemed routine resulted in a financial nightmare—one that many companies are leaving themselves exposed to, unaware of the increasing pervasiveness of rootkits.

Every organization is aware of the importance of securing core systems, networks, and end-user equipment in an increasingly mobile and malware-saturated world. But what most may not realize is the growing threat of malicious software intended to keep its presence hidden from administrators and traditional antivirus software. Termed after early Unix packages designed to replace commands that would otherwise alert admins to the presence of intruders who had "root" or admin access to systems, rootkits are on the rise among those seeking to steal corporate and personal information for financial gain.

Rootkits alone, of course, are not inherently malicious. But when packaged with malware, they can facilitate deeply compromising security breaches undetected, especially as they become increasingly popular for attacks on non-Unix systems, specifically Windows. And with Forrester Research recently estimating that security breaches cost companies between $90 and $305 for each record lost, who can afford to turn a blind eye to what may invisibly be leaching sensitive data from their network?

The rise of rootkits
Rootkits date back to the earliest years of the Internet, when crackers created cloaked variants of Unix commands to ensure their deeds on compromised systems would go undetected. A concern mainly of system administrators for Net-connected Unix systems, rootkits remained relatively low-profile for many years, until Sony BMG Music Entertainment's Windows rootkit digital rights management (DRM) boondoggle of 2005.

In an attempt to enforce copyright protection, Sony BMG developed a rootkit that surreptitiously installed extended copy protection (XCP) or MediaMax CD-3 software when music CDs were played on a PC. Poorly designed, the software opened holes in the Windows OS, facilitating infection by viruses and causing other system problems. Mark Russinovich, now a technical fellow at Microsoft, discovered the rootkit's behavior, which he then announced on his blog. The resulting furor and further illustrations of the fallout of the rootkit led Sony BMG to recall the CDs and issue a removal program. Unfortunately, the removal program was equally poorly designed, leading to additional privacy and security concerns, as documented by Russinovich.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Choose a mobile device platform with familiar programs and simplified management

The Advantages of Identity Based Encryption

Regulations Shift Focus on Outbound Email Security

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get Control of Mobile Data (and More)

Mitigating Risk with Security Assessments

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Webcast: Achieving business alignment and agility with the right capabilities framework

White Paper: Juniper Networks Ethernet Switching Solutions Reduce Operational IT Expenses

Webcast: Learn why companies must invest in an agile network infrastructure

White Paper: Businesses Thrive by Unifying Business Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

Renowned Engineering Institution Chooses AMD Processor-Based Servers

High-Definition: The Evolution of Video Conferencing

Unify and Conquer: The Benefits of Unified Communications.

Key challenges facing today's IT service and support

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Extending PCI Compliance to the Mobile Workforce

Webcast: Why standardizing your ECM platform is so critical to your success

White Paper: WebMethods Business Process Management Suite

Gaining Transparency in IT Outsourcing

Top 10 Misconceptions about Performance and Availability Monitoring

Network Immunity Manager Video

Cost-Effective Data Center 1U Server Solutions

The Great Email Security Debate: Appliances, SaaS, or Virtual?

Messaging Security Goes Virtual

Outbound Email and Data Loss Prevention in Today's Enterprise

How to Manage the Mobile Work Environment

How to simplify mobility and reduce the cost of supporting mobile workers

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Webcast: Best practices in application security: How do you stack up?

Webcast: Building an Optimized Infrastructure

Juniper Networks is changing the economics of networking with a no-compromise, highperformance and service-oriented approach

Research about the efficiencies created by different operating systems.

Unified Communications Software: The Death of VoIP?

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Seeing is Believing: The Value of Video Collaboration

Getting Network Management Right: A Gartner IT briefing

Oracle Database 11g: Real Application Testing & Manageability

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

The New Foundation of Storage: Xiotech's Intelligent Storage Element

Green IT: Reducing Your Carbon Footprint with Citrix

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Top 10 Reasons to Go Green in IT

Transforming Virtualization into a Competitive Advantage

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

Microsoft System Center - Designed For Big