Advanced malicious software threats have become commonplace in cyberspace, with large-scale cyber threats exploiting consumer, corporate and government systems on a constant basis. Regardless of the target, upon successful infiltration into a target system an attacker will commonly deploy a backdoor to maintain persistent access as well as a rootkit to evade detection on the infected machine. If the attacked system has access to classified or sensitive material, virus eradication may not be the best response. Instead, a counter-intelligence operation may be initiated to track the infiltration back to its source. It is important that the counter-intelligence operations are not visible to the infiltrator. Rootkits can not only hide the malware; they can also be used to hide the defenders' detection and analysis operations from the malware. This paper surveys the rootkit literature for its applicability to counter-intelligence operations.