Intro
The second part of this series will examine the mechanisms that rootkits use in order to provide stealth, data collection, and protection for BOTs and other malware. Since this is a lengthy topic, this part will start with user-land techniques and then part 3 will discuss kernel techniques.
User-Mode Hooking Techniques
User-Mode hooking, or Application Programming Interface (API) hooking, is the predominant method of stealth and obfuscation. The process works basically in this manner:
Continue reading "Rootkits - making malware more powerful - part 2"
Intro
This series of blog entries will examine the topic of rootkits: what they are and how they work. Rootkits are a utility component of bots and other malware that provides stealth and protection for the malware. They are also the reason that malware is often very difficult to remove, and sometimes even to detect. Therefore they are an important topic to explore as they apply to BOTs as well as other types of malware. This first part will examine what they are, why they exist and why they are a concern.
What are they?
Rootkits are not necessarily a new idea or technology, but like all software the techniques and goals have evolved over the years. Regarding strictly the terminology, a “root”-“kit” would be a collection of utilities, or a kit, which allows a user to obtain and manipulate root.
Continue reading "Rootkits - making malware more powerful - part 1"