Signalling a trend towards increased 'outsourcing' of some elements of malware creation, security experts are reporting a surge in the level of professionalism and commercialisation in the creation of so-called rootkits. 

A rootkit is a tool that helps worm authors to slip past malware detection tools. The rootkit is 'wrapped around' the virus, and hides its payload from detection engines. After the rootkit has penetrated a system's defences, the worm can start doing its work.

Antivirus vendor F-Secure reported last week that it had detected a new rootkit designed to bypass detection by most of the modern rootkit detection engines. 

Traditionally a rootkit would be designed to evade only one security product, such as Symantec's or F-Secure's antivirus scanners.

"The professionalism of these rootkits is coming to another level," said Allen Schimel, chief strategy officer at StillSecure, a developer of intrusion detection, vulnerability management and network access control applications.

"These rootkits just cranked it up a notch in their ability to evade multiple antivirus products."

Adding a rootkit to a virus increases its chances of avoiding detection because modern antivirus applications do not just look for specific code, but incorporate behavioural analysis to catch worms.

A rootkit can also help a worm to remain undetected even after antivirus vendors have created signatures to catch the malware.

Rootkits go back to the early days of computer hacking, forming applications that open a backdoor into a user's system. This allows the hacker to access the computer remotely.

Such a tool was useful because it enabled hackers to use the computer as a launch-pad for new break-ins, or to store sensitive information without leaving a trail back to the hacker.

Rootkits are also being identified by most malware detection applications, so rootkit creators constantly update their wares in an effort to stay ahead of their opponents.