Rootkits and Malicious Code Injection
Author
Abstract
Rootkits are considered by many to be among the stealthiest forms of malware (malicious software) and pose significant threats. Hiding their presence and activities requires hijacking the kernel's control flow, either by altering kernel data structures or by installing hooks in the kernel. Since this can be achieved with loadable kernel modules, this paper explains common entry points into a Linux kernel and how an attacker keeps persistent access to a compromised machine.
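The hooking technique the abstract refers to, shown as an added example that is not from the paper: a user-space model of a system-call-table hook of the kind a loadable kernel module installs, followed by the integrity check a defender runs against it. The "syscall table" is an ordinary array of function pointers standing in for sys_call_table; the directory entries, the HIDE_PREFIX value and the function names (real_getdents, hooked_getdents, rootkit_install, count_hooked_entries) are constructed for the demonstration. In a real kernel the same pointer swap has to defeat write protection on the table and is done from module init; the logic of "save original, replace slot, filter results" is the same.

```c
/* Added example, not from the paper: a user-space model of an LKM-style
 * syscall-table hook (save the original entry, overwrite the slot with a
 * filtering wrapper) and of a known-good-table integrity check against it.
 * All names, entries and HIDE_PREFIX below are constructed for the demo. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define HIDE_PREFIX "rk_"   /* names the rootkit hides from directory listings */

/* A handler takes a caller buffer and returns the number of bytes written;
 * the listing is packed as NUL-terminated names, a simplified linux_dirent. */
typedef long (*syscall_fn)(char *buf, size_t len);

/* Constructed directory contents standing in for what the real syscall copies out. */
static const char *sample_entries[] = { "passwd", "rk_backdoor.ko", "hosts", "rk_log", NULL };

/* The legitimate handler: copies every entry the buffer has room for. */
static long real_getdents(char *buf, size_t len)
{
    size_t off = 0;
    for (const char **e = sample_entries; *e; e++) {
        size_t n = strlen(*e) + 1;
        if (off + n > len) break;
        memcpy(buf + off, *e, n);
        off += n;
    }
    return (long)off;
}

/* The "syscall table": handlers indexed by syscall number. Slot 0 = getdents. */
#define NR_GETDENTS 0
#define NR_SYSCALLS 1
static syscall_fn sys_call_table[NR_SYSCALLS] = { real_getdents };

/* Known-good copy of the table, taken at "boot" before any module loads. */
static syscall_fn known_good_table[NR_SYSCALLS];

/* Rootkit hook: call the original, then drop entries matching HIDE_PREFIX in place. */
static syscall_fn orig_getdents;
static long hooked_getdents(char *buf, size_t len)
{
    long total = orig_getdents(buf, len);
    long in = 0, out = 0;
    while (in < total) {
        size_t n = strlen(buf + in) + 1;
        if (strncmp(buf + in, HIDE_PREFIX, strlen(HIDE_PREFIX)) != 0) {
            memmove(buf + out, buf + in, n);   /* keep this entry */
            out += n;
        }
        in += n;
    }
    return out;
}

/* What the malicious module's init routine does: save the original, overwrite the slot. */
void rootkit_install(void)
{
    orig_getdents = sys_call_table[NR_GETDENTS];
    sys_call_table[NR_GETDENTS] = hooked_getdents;
}

/* Module exit: restore the slot so the hook leaves no trace in the table. */
void rootkit_remove(void)
{
    sys_call_table[NR_GETDENTS] = orig_getdents;
}

/* Defender: record the table before untrusted code can run. */
void snapshot_table(void)
{
    memcpy(known_good_table, sys_call_table, sizeof sys_call_table);
}

/* Defender check: any slot that no longer points at its boot-time target is hooked. */
int count_hooked_entries(void)
{
    int hooked = 0;
    for (int i = 0; i < NR_SYSCALLS; i++)
        if (sys_call_table[i] != known_good_table[i]) hooked++;
    return hooked;
}

/* Dispatch through the table like the kernel entry path and count visible entries. */
int list_entry_count(void)
{
    char buf[256];
    long total = sys_call_table[NR_GETDENTS](buf, sizeof buf);
    int count = 0;
    for (long off = 0; off < total; off += (long)strlen(buf + off) + 1) count++;
    return count;
}

int main(void)
{
    snapshot_table();
    printf("before hook: %d entries visible, %d hooked slots\n", list_entry_count(), count_hooked_entries());
    rootkit_install();
    printf("after hook:  %d entries visible, %d hooked slots\n", list_entry_count(), count_hooked_entries());
    rootkit_remove();
    return 0;
}
```

The table comparison only catches hooks that replace a table entry. A rootkit that patches the first bytes of the original handler (an inline hook) or that edits kernel data structures directly leaves the table intact, which is why the related work listed below moves from table checks toward kernel code integrity and hardware-assisted monitoring.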
Similar sources
Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
Protecting the kernel of an operating system against attacks, especially injection of malicious code, is an important factor for implementing secure operating systems. Several kernel integrity protection mechanisms were proposed recently that all have a particular shortcoming: they cannot protect against attacks in which the attacker re-uses existing code within the kernel to perform malicious c...
Countering Lifetime Kernel Code Integrity Protections
Protecting the kernel of an operating system against attacks, especially injection of malicious code, is an important factor for implementing secure operating systems. To address this problem, several kernel code integrity protection mechanisms were proposed recently that aim to prevent malicious programs from being executed with kernel privileges. However, they all share a common shortcoming: ...
K-Tracer: A System for Extracting Kernel Malware Behavior
Kernel rootkits can provide user-level malware programs with the additional capability of hiding their malicious activities by altering the legitimate kernel behavior of an operating system. While existing research has studied rootkit hooking behavior in an effort to help develop defense and remediation mechanisms, automated analysis of the actual malicious goals and capabilities of rootkits ...
Survey on Malware Detection Methods
Malware is malicious software designed to damage computer systems without the knowledge of the system's owner. Software from reputable vendors can also contain malicious code that affects the system or leaks information to remote servers. Malware includes computer viruses, spyware, dishonest adware, rootkits, Trojans, dialers, etc. The paper focuses on various malware detection ...
Transparent Protection of Commodity OS Kernels Using Hardware Virtualization
Kernel rootkits are among the most insidious threats to computer security today. By employing various code injection techniques, they are able to maintain an omnipotent presence in the compromised OS kernels. Existing preventive countermeasures typically employ virtualization technology as part of their solutions. However, they are still limited in either (1) requiring modifying the OS kernel s...