Virus writers have begun adding rootkit functionality as a component of commonplace malware such as MyDoom and Bagle. Rootkit technology is designed to hide the presence of malware on infected systems. Originally the technology featured only as a component of more sophisticated and exotic forms of malware. Now the technology has moved into the mainstream, anti-virus firm F-secure reports.

For example, Bagle-GE incorporates rootkit features designed to hide the processes and registry keys of another Trojan of the same family, Bagle-GF. The development has raised particular concerns because of strong links between Bagle and the operations of numerous botnets, networks of compromised Windows PCs that are often used to either distribute spam or attack other systems.

Gurong-A, a new worm based on MyDoom code - possibly created by a copycat author with access to leaked copies of MyDoon's source code - which also features rootkit (stealth) technology designed to help malware to avoid detection by conventional anti-virus scanners.

"Rootkit development has had such a lull in recent months that we were beginning to wonder if the technique had suddenly become passé. The last few days may have changed our opinion," F-Secure said. ®

Related stories

• F-Secure picks Malaysia as Asian hub (13 September 2006)
• MS clean-up stats shed light on malware infections (13 June 2006)
• Renegade spammer targets junk mail registry (3 May 2006)
• Infosec blog All my personal details for chocolate? Go on then (18 April 2006)
• Infected Windows PC? Just nuke it (5 April 2006)
• Virtual rootkits create stealth risk (13 March 2006)
• Researchers say rootkits are headed for BIOS (27 January 2006)
• Intel readies rootkit- rooting hardware (9 December 2005)
• Hackers plot to create massive botnet (3 June 2005)