Wednesday, September 24, 2008

Technical publisher issues warning on rootkits


Michael Kassner has an article in the Tech Republic blogs, “10 Things” series that affects Internet safety mainly in the workplace or especially for small businesses with home networks, especially Unix or (more likely) Linux machines.

The article is “10+ Things You Should Know About Rootkits,” link here.

The term refers to programs that allow one to get to the root or admin (or kernel) layer on a Unix or Linux server and execute malware without knowledge of system administrators. Generally they get loaded by users clicking on email links or sometimes through IM. One particularly disturbing feature is polymorphism, which might change internal operating system machine code and make normal security or anti-virus software inoperable. There are also firmware rootkits.

I had an earlier domain on a friend’s webhosting from 1997 to late 2001. Over the fourth of July in 2001 (before 9/11), while the friend was away, the kernel of his Unix machine was infected by a rootkit. Fortunately, a rackspace cohost was able to get his sites back up in about four hours while he was gone, but he had to do a complete rebuild of his Unix system. It would appear that a direct Internet connection could cause an incident like this if a machine is not adequately protected. Another problem that small business webhosting ISP servers had in the late 90s and early 2000’s was a tendency to be vulnerable to prankish DOS attacks, which were met by slowing down and bouncing the incoming packets. Since about 2000, there has been a tendency for small hosts to be absorbed by larger companies, as they have trouble competing with them, particularly in terms of maintaining stability.

No comments: