ABSTRACT
A rootkit is a small, hard-to-detect program that stealthily subverts an operating system or its kernel in order to hide itself (and often other malicious software) and to keep control of the computer. A rootkit can be placed on a computer by an attacker who gains unauthorized access, or by an unsuspecting authorized user who lets a virus or other malicious software install it. Cyberspace is full of threats and risks. Each danger must be carefully weighed and defended against only to the extent that is reasonable and affordable under a prudent risk management program. When considering rootkits, a risk manager will ask: How common are they? How severe are the consequences? How can they be prevented? How can they be removed? These general questions have been explored in a number of research projects and publications. At a finer level of detail, and on a recurring basis, information assurance managers will also ask, "as of right now": How hard are they to create? How available is rootkit source code? How hard are they to install and operate? This paper describes a research project at Murray State University in which faculty and senior undergraduate students explored this second, more time-sensitive set of questions. It describes both the pedagogical and technical issues of having students find rootkit source code on the web; getting that code to build and run in an academic laboratory without threatening the university's IT environment; and surveying the tools and techniques currently available for detecting and removing rootkits.
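The detection tools the abstract refers to mostly rely on one idea: a rootkit that filters what the operating system reports can be caught by comparing two independent views of the same facts. The following is an added example of that "cross-view" technique for hidden processes on Linux, in the style of tools such as unhide; it is not code from the Murray State project or from any tool the paper evaluated. Assumptions not taken from the page: a Linux host with /proc mounted, and a rootkit that hides a process from the /proc directory listing (the view `ps` uses) but does not also hook the kill() system call. The sample PID sets in the test are constructed.

```python
"""Cross-view detection of hidden processes (added example, not from the page).

View 1: PIDs that readdir("/proc") reports, which is what `ps` and `ls /proc` use.
View 2: PIDs that respond to kill(pid, 0), a probe that delivers no signal but
        makes the kernel say whether the PID exists.
A PID present in view 2 but absent from view 1 is a candidate hidden process.

Assumption (not from the page): the rootkit filters the /proc listing but does
not also hook kill(); a rootkit that subverts both views defeats this check,
which is why real tools combine several independent views.
"""
import os


def pids_from_proc(proc_root="/proc"):
    """View 1: numeric directory names under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_kill_probe(max_pid):
    """View 2: brute-force probe of every PID with signal 0.

    ProcessLookupError (ESRCH) means no such process. PermissionError (EPERM)
    means the process exists but belongs to another user, so it counts as alive.
    """
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
    return alive


def tgid_of(pid, proc_root="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read.

    kill(tid, 0) also succeeds for non-leader threads, which readdir("/proc")
    never lists. Without this lookup every multithreaded process would be
    reported as hiding something.
    """
    try:
        with open(f"{proc_root}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def hidden_pids(listed_before, listed_after, probed, tgid_lookup):
    """Cross-view diff with two false-positive filters.

    listed_before / listed_after: view 1 taken before and after the slow probe,
        so a process that merely started or exited mid-scan is not flagged.
    probed: view 2.
    tgid_lookup: callable pid -> thread-group id (or None); threads of a
        visible process are not hidden processes.
    """
    visible = listed_before | listed_after
    suspicious = []
    for pid in sorted(probed):
        if pid in visible:
            continue  # short-lived process caught by one of the listings
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in visible:
            continue  # a thread of a process that is itself visible
        # Either a real process missing from /proc, or a PID whose /proc entry
        # cannot even be opened: both deserve a look.
        suspicious.append(pid)
    return suspicious


def scan(proc_root="/proc"):
    """Run the full check on the live host and return the suspicious PIDs."""
    with open(f"{proc_root}/sys/kernel/pid_max") as f:
        pid_max = int(f.read().strip())
    before = pids_from_proc(proc_root)
    probed = pids_from_kill_probe(pid_max)
    after = pids_from_proc(proc_root)
    return hidden_pids(before, after, probed, lambda p: tgid_of(p, proc_root))


if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers kill(pid, 0) but is missing from /proc")
```

`scan()` walks the whole PID space (pid_max is 32768 by default, up to about four million on 64-bit hosts), so it takes a few seconds; run it as root so EPERM does not hide other users' processes from view 2 in the first place. A clean result only proves that the two views agree, not that no rootkit is present.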
An undergraduate rootkit research project: How available? How hard? How dangerous?