Understanding DMA Malware
نویسندگان
چکیده
Attackers constantly explore ways to camouflage illicit activities against computer platforms. Stealthy attacks are required in industrial espionage and also by criminals stealing banking credentials. Modern computers contain dedicated hardware such as network and graphics cards. Such devices implement independent execution environments but have direct memory access (DMA) to the host runtime memory. In this work we introduce DMA malware, i. e., malware executed on dedicated hardware to launch stealthy attacks against the host using DMA. DMA malware goes beyond the capability to control DMA hardware. We implemented DAGGER, a keylogger that attacks Linux and Windows platforms. Our evaluation confirms that DMA malware can efficiently attack kernel structures even if memory address randomization is in place. DMA malware is stealthy to a point where the host cannot detect its presense. We evaluate and discuss possible countermeasures and the (in)effectiveness of hardware extensions such as input/output memory management units.
منابع مشابه
Analysis of Malware Families on Android Mobiles: Detection Characteristics Recognizable by Ordinary Phone Users and How to Fix It
The sale of products using the android Operation System (OS) phone is increasing in rate: the fact is that its price is cheaper but its configured hardware is higher, users easily buy it and the approach to this product increases the risk of the spread of mobile malware. The understanding of majority of the users of this mobile malware is still limited. While they are growing at a faster speed ...
متن کاملTransparent System Introspection in Support of Analyzing Stealthy Malware
The proliferation of malware has increased dramatically and seriously damaged the privacy of users and the integrity of hosts in the past few years. Kaspersky Lab products detected over six billion threats against users and hosts in 2014 consisting of almost two million specific, unique malware samples [51]. McAfee reported that malware has greatly increased during 2014, with over 50 million ne...
متن کاملYou Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger
Keyloggers are a prominent class of malware that harvests sensitive data by recording any typed in information. Keylogger implementations strive to hide their presence using rootkit-like techniques to evade detection by antivirus and other system protections. In this paper, we present a new approach for implementing a stealthy keylogger: we explore the possibility of leveraging the graphics car...
متن کاملYou Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger
Keyloggers are a prominent class of malware that harvests sensitive data by recording any typed in information. Keylogger implementations strive to hide their presence using rootkit-like techniques to evade detection by antivirus and other system protections. In this paper, we present a new approach for implementing a stealthy keylogger: we explore the possibility of leveraging the graphics car...
متن کامل