Hacker Defender, HE4Hook, Vanquish, NT Rootkit, FU, AFX Rootkit: these are the names of some of the rootkits that have found their way into millions of computers around the world. These rootkits share many similarities. Each was written by a single programmer or, at best, a few programmers. Each can provide unauthorized access to information. Each uses some form of stealth to avoid detection, and all of them repurpose technology that was never intended for that use.
What is the purpose of a rootkit? Many exist for the sole purpose of programmer recognition. Some find use as “botnet” clients that work together to overload a particular site. Some end up distributing the spam we find in our e-mail every morning. Some provide conduits into otherwise secure networks. Others are used to gather our personal information for fun and profit. These purposes limit the final product to what I will term “casual software”: more precisely, software limited by its purpose, where that purpose is illegal, unethical, destructive, or simply unprofitable. Software developed under these guises cannot usually garner the tools, materials, and expertise required to produce commercial-grade software.
This book looks beyond the casual rootkit into the emerging field of professional rootkits.
Webster defines “professional” as “characterized by or conforming to the technical or ethical standards of a profession.” In this case, the profession is software engineering, where the technical and ethical standards maintained by professional software engineers can produce commercial-grade products with capabilities far beyond those of a single programmer working in his or her spare time on an illegal or unprofitable project. In the case of rootkits, a well-funded team of professionals can exploit a broad range of technology to produce full-featured, robust software with extensive capabilities, each of them fit for purpose.
Here we are again, back at purpose. Only now, with Professional Rootkits, the purpose is information leak prevention, content monitoring and filtering, copyright infringement prevention, or any similar need funded by a multimillion-dollar industry. These industries are looking for solutions, and some of those solutions require the stealth and functionality that can only be found in Professional Rootkits.