Archive for 6. November 2005


Malware is old news! Rootkits are .. new news?

2004/2005 was all about wares with three-letter prefixes.. spyware, adware, malware. I bet that in five years we will say 2005/2006 was all about rootkits. The discussion is flourishing everywhere, although it's an old phenomenon. Sony "hides" their DRM implementation with rootkit techniques.. this month's Infocus at SecurityFocus discusses Windows rootkits... several books on the subject have been published lately.

Some months ago, I commented on Gartner's presentation of the top ten threats, where spyware, worms and viruses were all presented as a bigger threat than exploits, even zero-day exploits. My case was that malware has working means of detection, although sometimes they are not enough, but a zero-day exploit, by definition, has no means of detection. I've also stated that few worms have been written lately, with the effect that we were spared the traditional summer worms. This is why I'm not surprised by the new hype, the rootkits. A zero-day exploit combined with an unknown "zero-day" rootkit presents a far greater danger than any "undirected" attack, like for instance a worm.. A zero-day attack might even, with a good rootkit, go unnoticed. The worst-case scenario might be that we find out when our competitors start selling an identical product, or when some newspaper screams our name in its headlines.

The Infocus article at SecurityFocus goes so far as to claim that rootkits are "more interesting than an exploit, even a 0-day exploit", which I doubt. They are certainly important and interesting, but I can't imagine that they would be of much interest without the initial exploitation phase that gives them the opportunity to do their job in the first place.

I bet we will see more of the rootkit discussion..