The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Digital Rights Management, Spyware, and Security
IEEE Security and Privacy
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
A case study of the rustock rootkit and spam bot
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Escape from monkey island: evading high-interaction honeyclients
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
| Hi-index | 0.00 |
In 2005, Sony-BMG used a rootkit to conceal the digital right management software, which is aptly installed in consumers' computers to prevent unauthorized copying. As a result, it lets the installed rootkit computers provide malware with excellent shelters to be capable of escaping anti-virus detection easily. We can observe that more and more malware writers are taking advantage of rootkits to shield their illegal activities. In this paper, we develop a new Windows driver-hidden rootkit with five tricks based on Direct Kernel Object Manipulation (DKOM), and have verified that it can successfully avoid well-known rootkit detectors. Our research goal is to find out the weaknesses of current detectors, and expect detector developers pay much attention to them and upgrade their products in order to identify the proposed new rookit. We affirm our efforts will be useful for stimulating detector developers to improve the current techniques of detecting Windows Driver-Hidden Rootkits.