Paul Roberts of the IDG News Service writes:

Microsoft Corp. security researchers are warning about a new generation of powerful system monitoring programs, or ‘rootkits,’ that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals.

The researchers discussed the growing threat posed by kernel root kits at a session at the RSA Security Conference in San Francisco on Tuesday. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

With names like “Hacker Defender,” “FU,” and “Vanquish,” the programs are the latest generation of remote system monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft’s Security Solutions Group.

The programs are used by malicious hackers to control, attack or ferret information from systems on which the software has been installed and are typically installed on a machine without the owner’s knowledge, either by a virus or following a successful hack of the computer’s defenses, they said….

It is sometimes possible to spot kernel rootkits by examining infected systems from another machine on a network, said Dillard. Another strategy to spot kernel rootkits is to use Windows PE, a stripped-down version of the Windows XP operating system that can be run from a CD-ROM, to boot a computer, then comparing the profile of the clean operating system to the infected system, according to Dillard and Danseglio. Microsoft researchers have even developed a tool, named “Strider Ghostbuster” that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences that may indicate a kernel rootkit is running, according to a paper published by Microsoft Research.

[Microsoft On 'Rootkits': Be Afraid. Be Very Afraid, continued]