McAfee has released Rootkit Detective, a new, free tool to help computer users clean their machines of increasingly prevalent hidden malicious code known as rootkits.
Cybercrooks use rootkits to hide other nefarious programs on compromised PCs. Last year the number of rootkits hit 3,284, and it has already more than doubled in the first half of this year to 7,325. Since the initial trial release of Rootkit Detective in January, the application has been downloaded more than 110 000 times.
"Rootkit Detective offers the most comprehensive rootkit detection capabilities available today," says Chris van Niekerk, regional director: Africa at McAfee. "We have achieved extremely high levels of accuracy, using various techniques to find anything that hides itself on a computer."
Malicious rootkits are sold on underground online markets. Some hackers even create custom rootkits for payment. Often the software is used to hide a backdoor on a computer that lets miscreants enter surreptitiously.
Typically, a rootkit arrives in a Trojan horse or via a malicious download. Some adware makers use rootkits to cover up their software.
Rootkit Detective was developed by Avert Labs, McAfee's global security threat and research organisation. It is a powerful tool that lets computer users look under the hood of their PC operating system and could be used, for example, when there are signs of a compromise, such as a sudden slowdown or suspicious network activity.
Rootkit Detective uncovers hidden processes, registry entries and files and lets users safely remove or disable them upon system reboot.
In addition, Rootkit Detective can scan the integrity of a PC's kernel memory and display any modifications, which may also point to a system compromise.
Using Rootkit Detective, consumers and businesses can submit samples to Avert Labs. After analysis, a signature for the rootkit is created and added to McAfee's client security products for enhanced rootkit detection and protection capabilities.
Rootkit Detective is available at: http://vil.nai.com/vil/stinger/rkstinger.aspx