Language Selection

English French German Italian Portuguese Spanish

Black Hat conference: Newest Stealth Rootkits

Filed under
Security

Just when anti-virus vendors think they have a bead on the threat from stealth rootkits, along comes word that a pair of researchers have discovered a new way to hide malicious programs.

Jamie Butler, director of engineering at HBGary Inc., and Sherri Sparks, a PhD student at the University of Central Florida, demonstrated the technique at the Black Hat Briefings here with a chilling warning that anti-virus scanners must "completely revamp" existing rootkit detection technologies.

The proof-of-concept, dubbed Shadow Walker, is a modification of Butler's FU rootkit, a kernel-level program capable of hiding processes and elevating process privileges. The rootkit uses DKOM (Direct Kernel Object Manipulation) to fake out the Windows Event Viewer to make forensics virtually impossible and can also hide device drivers, Butler explained.

With Shadow Walker, Butler and Sparks explore the idea of memory subversion to hide the rootkit in memory with almost no performance impact.

"This is a prototype for a fourth generation of rootkits that would defeat the current rootkit detection technology," said Sparks, who is renowned for her work around offensive/defensive malicious code technologies.

Some existing rootkit defense technologies use behavior detection, integrity detection and signature-based detection to find the stealth programs. Others, like Microsoft Corp.'s Strider Ghostbuster, F-Secure Corp.'s BlackLight and Sysinternals Freeware's RootkitRevealer, search for registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

These guys are here showing us that we haven't even scratched the surface where rootkits are concerned.

Internet security practitioners in attendance described the Shadow Walker prototype as "scary."

Full Story.

More in Tux Machines

Gear Fit 2, Full Specifications Leaked, Runs Tizen !

Wearable fitness tech is a bit of a hot topic at the moment and Samsung are making no secret of the fact they want to be a key player in this arena. The first Gear Fit fitness tracker was launched in 2014, and now its time that it gets a well deserved refresh. Read more

Why Ubuntu-based Distros Are Leaders

One distribution that comes to mind is Ubuntu. Built from a solid Debian base, Ubuntu has not only become an incredibly popular Linux distro, it's also made countless other distributions such as Linux Mint a reality. In this article, I'll explore why I believe Ubuntu wins the Linux distribution wars and how it's influenced Linux on the desktop as a whole. Read more

Text for Linux users who just happen to be standing on their heads

Here’s one more really odd thing that you might consider doing when you’re finished setting up your 100+ new servers and troubleshooting problems that have stumped all the techies in the nearby vicinity – displaying text messages upside down. And if sheer entertainment is not enough of a reason, consider that the exercise might motivate you to think more deeply about the mysterious nature of character encoding systems. Yes, we’re going to turn phrases upside down -- not by flipping our monitors -- but by exchanging the usual characters that we see with their closest upside down equivalents – and then by presenting them on the screen in the reverse order. Read more

Discover in Plasma 5.7

Discover‘s future is Kirigami. We have already some work lined up (see the kirigami branch), we are pending some design work so that it shines, but the approach is already quite promising! Read more