Rootkits are everywhere

In the media and likely on your network!  I am surprised (pleasantly) to see so much attention being paid to a lurking menace.  Jon Box recently posted about it on his blog and called for a few of us to comment (which I did).

The fact of the matter is that rootkits are like the devil: their greatest trick is convincing the world that they aren’t there.  They don’t show up in Task Manager or in service lists.  That is the whole point.

Luckily, as I said, the media is getting in on the story: in addition to Jon, Eweek has posted a pretty good article on the topic.  When you read it you should ask yourself two questions.  First, how do I check for these things and get rid of them if they are found?  Second, how do I see what is actually stored on my network?  It turns out that a hacked server turned into a file server for media files is a common theme.  I recommend solid auditing and solid storage reporting as the primary ways of getting a handle on this.  For the reporting side we use Storage M&A by NTP Software.  It has the added benefit of helping protect you by keeping forbidden file types (e.g. *.vbs and even *.exe) from being written to your drives.  Exception-based policies let you be flexible when needed, but you can’t fix it if you don’t know it is broken.
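As an added illustration (not code from this post and not NTP Software's product), here is a small Python model of the two controls recommended above: a forbidden-file-type policy with exception prefixes, and a report of where media files are piling up on a share. The policy structure, the `tools/` exception and the sample share are all constructed for the example.

```python
import os
import tempfile
from collections import defaultdict
from fnmatch import fnmatch

# Assumed policy structure (not NTP Software's format): forbidden types are
# blocked everywhere unless an exception names a directory prefix.
FORBIDDEN = ("*.vbs", "*.exe")
EXCEPTIONS = {"*.exe": ("tools/",)}           # constructed exception rule
MEDIA = ("*.mp3", "*.avi", "*.mpg", "*.wmv")  # constructed media set

def write_allowed(relpath, forbidden=FORBIDDEN, exceptions=EXCEPTIONS):
    """True if a file at share-relative relpath may be written under the policy."""
    rel = relpath.replace(os.sep, "/").lower()
    name = rel.rsplit("/", 1)[-1]
    for pat in forbidden:
        if fnmatch(name, pat):
            # forbidden type: only an explicit exception prefix lets it through
            return any(rel.startswith(p.lower()) for p in exceptions.get(pat, ()))
    return True

def media_report(root, media=MEDIA):
    """Media bytes per directory (relative to root), largest first."""
    totals = defaultdict(int)
    for dirpath, _, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for f in files:
            if any(fnmatch(f.lower(), m) for m in media):
                totals[rel] += os.path.getsize(os.path.join(dirpath, f))
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample share: ordinary files plus a media stash buried under a
# user's profile, the pattern the post describes.
SAMPLE_FILES = {
    "docs/report.doc": 20_000,
    "users/alice/notes.txt": 500,
    "users/bob/.cache/tmp/movie1.avi": 700_000,
    "users/bob/.cache/tmp/movie2.mpg": 650_000,
    "marketing/promo.wmv": 50_000,
}

def build_sample_share():
    root = tempfile.mkdtemp(prefix="share_")
    for rel, size in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return root

if __name__ == "__main__":
    for rel in ("docs/report.doc", "users/bob/macro.vbs", "tools/setup.exe", "users/bob/setup.exe"):
        print(f"{rel:24} allowed={write_allowed(rel)}")
    for d, size in media_report(build_sample_share()):
        print(f"{size:>10} bytes  {d}")
```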