I thought it was about time I jumped on the bandwagon about rootkits in light of the recent challenges with the Sony software. I can imagine that there are many pieces of code out there that have been designed for one purpose or another and have unintentionally caused problems. I was speaking to Mark Russinovich the other day about the Sony rootkit and I think you should read his blog to get all of the details: http://www.sysinternals.com/blog/
To my mind it is the responsibility of programmers not only to realise the function of their code, but also to take responsibility for its use. A really bad but apt analogy is the story of Michael Kalashnikov – I will leave you to look it up if you don’t already know. Another good example: when I was at school I came across a piece of software called the Catapillar virus that was designed to target people on the machines running certain games on the system. This software was written by some students (and had nothing to do with the school) with good intentions, but one of them left the code lying around and it soon got adapted and exploited for other things. Many people and companies do take responsibility, but too many don’t.
If you came to InfoSec or are a member of TASK (Toronto Area Security Klatch) you will be aware that Brian Borne and Chris Diachock from CMS Consultants have been presenting a very balanced and interesting look at rootkits. They have put their findings on the TASK.TO web site.
I will also suggest you go to Dan Sellers’ blog: http://blogs.msdn.com/dansellers/ as he lists many resources for programmers on secure code. Dan is my counterpart on the MSDN team and recently presented at the West Coast Security Forum in Vancouver on threat modeling.
If you come across useful information on rootkits and other security challenges, please feel free to share it with us all.