An undergraduate rootkit research project: How available? How hard? How dangerous?

  • Authors: Michael Bowman; Heath D. Brown; Paul Pitt
  • Affiliations: Murray State University, Murray, KY (all three authors)
  • Venue: Proceedings of the 4th annual conference on Information security curriculum development
  • Year: 2007

Abstract

A rootkit is a small, hard-to-detect program that stealthily invades an operating system or kernel and takes control of the computer. A rootkit can be placed on a machine by an attacker who gains unauthorized access, or by an unsuspecting authorized user who lets a virus or other malicious software install it. Cyberspace is full of threats and risks, and each must be carefully considered and protected against only to the extent that is reasonable and affordable under a prudent risk management program. When considering rootkits, a risk manager will ask: How common are they? How severe are the consequences? How can they be prevented? How can they be removed? These general questions have been explored in a number of research projects and publications. At a finer level of detail, and on a recurring basis, information assurance managers will also ask, 'as of right now': How hard are they to create? How available is rootkit source code? How hard are they to install and operate? This paper describes a research project at Murray State University in which faculty and senior undergraduate students explored this second, more time-sensitive set of questions. It describes both the pedagogical and the technical issues of having students find rootkit source code on the web; getting that code to build and run in an academic laboratory without threatening the university's IT environment; and surveying the tools and techniques currently available for detecting and removing rootkits.