The root of all evil...
Oh man, my titles just get worse and worse. In all seriousness though, my mailbox is currently bulging with people wanting to know more about (deep breath), rootkits, the Middle East, Botnets, Sony, more Sony, even more Sony, something about a guy named Steve and if the kids from the close can have their ball back. Well, long story short, but: rootkits suck, the Middle East is very hot, Botnets do not involve robots or fishing, Sony sell TVs, Steve doesn't live here and I already cooked the ball and ate it for breakfast.
More importantly, the absolute mega-hot button topic of the day is, of course, the dreaded "R" word. I mean, I'm not sure why all these massive rootkit stories have exploded all at once, but it can only be a good thing for end-users who previously might have been tempted to call them all Trojans and leave it at that.
For me, it is clear that people get far too hung up on definitions - before you know it, you're trying to point out the subtle differences between some Trojan no-one's ever heard of and the finer points of rooting a box in ten simple steps, while juggling file definitions, the word "fluid" and why you really don't want to install the "Whack a mole" game.
Easiest way to think of it is, a rootkit is the first wave of a multi-pronged attack. They are the beach-head, if you like - the very definition of "storming the beaches". Except in this case, the beach is being stormed underground and the tunnels will lead right to your bunk, where the nasty soldiers will no doubt creep in under cover of darkness and smack you up with soap wrapped in towels or something.
Course, worst thing about the "Sony story" is that those "legit companies" I'm always talking about, with guys in offices with desks and chairs and pants with belts on them, will think oh goody, we can make our own rootkits for fun and profit! Go web go!
This is a bad thing.
And anyone found to be doing this should be royally taken to task. I don't think anyone who despises this kind of technology need worry - it is painfully obvious that, as soon as a company is outed, nothing but Batman armed with a machine gun will save the guilty party.
The Sony story (if memory serves) broke not too long after FaceTime revealed the IM rootkit bundle - and it doesn't look like it's dying off anytime soon! Problems with the install, problems with the uninstaller, security issues with the ActiveX element, total recalls of the CDs sold, so on and so forth, yadda yadda yadda....
Yep, so no worries there then. Hopefully.
However, when you look at the big picture, as Suzi Turner has done over at ZDnet, I start to get twitchy. And when I get twitchy, you need to make sure all the sharp, stabby things they keep in kitchens are safely locked away. There's stuff in her writeup that I had completely forgotten about and even a story I'd missed completely. All very bad things - all involving rootkits.
It is inevitable, Mr Anderson...
Sunbelt raise concerns over rootkit definitions, and why the damn things suck, 24/7 with no exceptions. I really don't think you can afford to give any ground on these things. The slightest step back, and we could be in for a long barrage of craptacular installs.
And what of our Rootkit-Botnet, global in scale and masterminded by a group out in the Middle East?
Well, it sadly should come as no shock - in September, I noted that some installers out there were popping open sites in Arabic...not connected to the rootkit bundles in any way, but a clear sign of the new "hotbed" of hacking talent out there. In addition, I have had email dialogue with numerous security guys (and girls) from forums, who have discovered (in their own words) "nests" of leet haxor groups based in an Easterly direction. Plus, I know my way around leet haxor stomping grounds - and I can confirm, the above description is pretty damn accurate. Some years back, the "Hacker World War" (ask your parents) brought the world's attention to the fact that there were some outrageously talented hacking groups out in China - I predict the same will shortly be true of Middle-Eastern groups. If this latest attack is anything to go by, they most certainly have the tools and the talent.
Question is, how long will it go on for?