Prince_Serendip
Site Moderator
 Joined: Sep 07, 2002 Posts: 17542
Posted: Sun Jul 16, 2006 10:53 am Post subject: Rootkitware
Full rootkits are, as yet, relatively rare compared to the number of software and malware using technology derived from rootkits. We are, and will be getting more help requests from people who do not have full rootkits but are infected by derivative "rootkitware."
I did a name search on "rootware" and "kitware" and both are being used by commercial outfits already. To the best of my knowledge, no one is using the term "rootkitware" yet. I think we should copyright it to CastleCops, using it to describe programs and exploits which use rootkit tech. Thus,
I just did a quick search on "rootkitech" and found that Pravda mentions it first in one of their articles. "Rootech," on the other hand, is registered to a hydroponics garden outfit.
It seems to me that we need an all encompassing label for exploits, malware and software that use rootkit technology, but are not actually full rootkits.
Comments anyone?
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Sun Jul 16, 2006 11:17 am
How about an acronym? Something like "RAS" = "rootkit associated software". We may be able to get a better name with something short in acronym form.
I got it: "RATS" = "rootkit associated technology systems"! How's that do for you?
I can see it now, some expert saying we exterminated your RATS!
_________________
Don't read? Can't learn!
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Sun Jul 16, 2006 11:39 am
How about "DORKS" = "damn ordinary rootkit software".
Or, "DUCKS" = "damn ugly common kit software". Somewhere between my diseased ears, a good one is waiting!
"DROLL" = "damn rootkit or looks like"
"JERK" = "just emerging rootkit"
_________________
Don't read? Can't learn!
plunx
Lieutenant

 Joined: Nov 01, 2005 Posts: 194 Location: Sweden
Posted: Sun Jul 16, 2006 12:13 pm
Hi
Well, if we follow ASC's definitions, i.e. System Modification Software using rootkit behavior.
System Modifying Software: Any program used to modify a user's system and change their experience, such as by altering their home page, search page, default media player, or lower level system functions.
Rootkit: A program that fraudulently gains or maintains administrator level access that may also execute in a manner that prevents detection. Once a program has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. Rootkit commands replace original system command to run malicious commands chosen by the attacker and to hide the presence of the Rootkit on the system by modifying the results returned by suppressing all evidence of the presence of the Rootkit. Rootkits are an extreme form of System Modification Software.
http://www.antispywarecoalition.org/documents/glossary.htm
http://www.antispywarecoalition.org/documents/definitions.htm
Members:
http://www.antispywarecoalition.org/about/index.htm

nosirrah
Security Expert Special Response Team
 Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Sun Jul 16, 2006 2:24 pm
What about cloakware or stealthware.
crud = "crummy rootkit unfortunately detected"
strep = "system targeting rootkits emerging planetwide"
core = "contingency obliterating rootkit evolution"
dark = "determined adept rootkit killers"
tariff = "to advocate rootkits is futile fool"
star = "soldiers to annihilate rootkits"
EDIT
What about darkware, ghostware or shadowware.
Ikeb
Special Response Team Forums Admin
 Joined: Apr 20, 2003 Posts: 16543
Posted: Tue Jul 18, 2006 2:46 am
Would it be worth coming up with two names?
It seems to me that Rootkit technology commonly exhibits one or both of the properties included in the definition submitted by plunx:
1. Some sort of file system hidden from the OS and
2. Administrative access
For example, AFAIK, ADS and the infamous Sony RK only involve the first property. Would that make sense? I.e. would it help to differentiate and classify RKs?
kuhn
Guest IP: 202.156.*.*
Posted: Tue Jul 18, 2006 5:33 am
The original meaning of rootkit, from the Unix world, actually consisted of malware that was used to gain access to root and maintain access.
In the Windows world, where everyone runs as root, understandably, there is no need for rootkits to gain root access, and focus shifted to hiding processes and files (the maintenance part).
It seems to me that the current view of rootkits is actually as follows:
"A rootkit is a tool that is designed to hide itself and other processes, data, and/or activity on a system"
There is no mention of root access at all in the definition; the focus is all on hiding. Currently, any spyware or adware that hides itself is automatically classed by many people as a rootkit; however, not all forms of hiding involve root access. NTFS ADS, for example.
Also, I think it is valuable to make a distinction between classic rootkits that are typically bundled with backdoors and keyloggers for hackers to 'own' and spyware/adware type programs that merely use stealth tactics to protect themselves from removal.
Both types of malware use stealth tactics, but are worlds apart in terms of consequence.
As some have noted, if you find a 'rootkit' (using the current definition) of the first kind, it is safer to format and start over, while if it is of the second kind it is acceptable to just remove it.
I propose that stealthware is a better term for the type of malware we are seeing.
nosirrah
Security Expert Special Response Team
 Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Tue Jul 18, 2006 9:23 am
nosirrah wrote: "What about cloakware or stealthware."
Suggested and shot down.
Unless someone gets far more creative I don't see a combination of cool, catchy, relevant and untaken.
Prince_Serendip
Site Moderator
 Joined: Sep 07, 2002 Posts: 17542
Posted: Tue Jul 18, 2006 4:15 pm
Rootkitware can be stealthware (some of Norton's products do that) or derivative malware such as CWS which is using rootkit tech now.
The term "-ware," as a suffix, refers to merchandise or groups of objects modified by the root word, as in Housewares. Rootkitware is anything and everything based on rootkits, from whitehat to blackhat and crackerjacks.
I just coined the term and went searching for examples used by others. Finding none, I did the Internet equivalent of date-stamping it.
Another way to establish copyright is to take something you've written, print or write it out on paper, sign and date it, then pop it in an envelope and mail it to yourself. When you receive it, you do not open it. Take that down to your copyright registration office and present it to them. Otherwise, just keep it in case you need it later.
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
wawadave
Special Response Team Special Response Team
 Joined: Nov 22, 2002 Posts: 21503 Location: Installing Vista http://tinyurl.com/2l9qyd
Posted: Tue Jul 18, 2006 4:55 pm
Quote: "The term "-ware," as a suffix refers to merchandise or groups of objects modified by the root word as in Housewares. Rootkitware is anything and everything based on rootkits, from whitehat to blackhat and crackerjacks."
by the root word as in Housewares. (wiki info?)
Wares in computer terms has absolutely nothing to do with "housewares". Wares comes from the back end of software and was used by hackers, crackers, p2p software jackers:
wares, warez etc.
You might have got yours from housewares but the rest got ours from softwares.
Crackerjack is popcorn and caramel, comes in a box with a prize!!!!
Which I see you got the crackerjacks computer slang dictionary prize!! lol rofl lmao lol
Software jackers is an incorrect impromptu word made for the occasion but does fit the post!!!
Thank you, your humor has cheered me up!!!
_________________
Brycetechs new tut dvd http://tinyurl.com/2u7rpk
The Pixel Palladium
Bryce Newby help and tuts, d/l,s How 2s Updated 18 Apr 2008