Security researchers have discovered a new type of rootkit they believe will greatly increase the difficulty of detecting and removing malicious code.The rootkit in question, called Backdoor.Rustock.A by Symantec and Mailbot.AZ by F-Secure, uses advanced techniques to avoid detection by most rootkit detectors.The rootkit is “unique given the techniques it uses,” Symantec’s Elia Florio wrote in a recent analysis. “It can be considered the first-born of the next generation of rootkits.”Rustock.A uses a mixture of old techniques and new ideas to make it “totally invisible on a compromised computer when installed,” including a beta version of Windows Vista, Florio wrote. Symantec believes the rootkit originates from Russia, and a string found in the rootkit’s code indicates new versions will probably be forthcoming. Symantec has already logged a variant called Backdoor.Rustock.B.F-Secure noted Rustock’s use of NTFS’ Alternate Data Streams (ADS) as one significant example of its advanced behavior. “Saving your data into Alternate Data Streams is usually enough to hide from many tools,” wrote F-Secure researcher Antti Tikkanen in a company blog.“However, in this case, the stream is further hidden using rootkit techniques … because Mailbot.AZ is hiding something that’s not readily visible; it’s very likely that many security products will have a tough time dealing with this one.”F-Secure said it has released a new version of the BlackLight rootkit scanner, Build 2.2.1041, which can detect Rustock.According to researchers, other factors that help make Rustock invisible are that it has no process, instead running inside the driver and in kernel threads. It doesn’t hook into any native API, and controls kernel functions via special IRP functions. It removes its entries from kernel structures, and the SYS driver is polymorphic, changing its code from sample to sample.Rustock also scans for loaded rootkit scanners, then changes its behavior to avoid detection, according to Florio.-Matthew Broersma, Techworld.com (London) Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature 4 remedies to avoid cloud app migration headaches The compelling benefits of using proprietary cloud-native services come at a price: vendor lock-in. Here are ways CIOs can effectively plan without getting stuck. By Robert Mitchell Nov 29, 2023 9 mins CIO Managed Service Providers Managed IT Services case study Steps Gerresheimer takes to transform its IT CIO Zafer Nalbant explains what the medical packaging manufacturer does to modernize its IT through AI, automation, and hybrid cloud. By Jens Dose Nov 29, 2023 6 mins CIO SAP ServiceNow feature Per Scholas redefines IT hiring by diversifying the IT talent pipeline What started as a technology reclamation nonprofit has since transformed into a robust, tuition-free training program that seeks to redefine how companies fill tech skills gaps with rising talent. By Sarah K. White Nov 29, 2023 11 mins Diversity and Inclusion Hiring news Saudi Arabia will host the World Expo in 2030 in Riyadh By Andrea Benito Nov 28, 2023 3 mins CIO Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe