
Black Hat conference: Newest Stealth Rootkits

Filed under
Security

Just when anti-virus vendors think they have a bead on the threat from stealth rootkits, along comes word that a pair of researchers have discovered a new way to hide malicious programs.

Jamie Butler, director of engineering at HBGary Inc., and Sherri Sparks, a PhD student at the University of Central Florida, demonstrated the technique at the Black Hat Briefings here with a chilling warning that anti-virus scanners must "completely revamp" existing rootkit detection technologies.

The proof-of-concept, dubbed Shadow Walker, is a modification of Butler's FU rootkit, a kernel-level program capable of hiding processes and elevating process privileges. The rootkit uses DKOM (Direct Kernel Object Manipulation) to fake out the Windows Event Viewer to make forensics virtually impossible and can also hide device drivers, Butler explained.

With Shadow Walker, Butler and Sparks explore the idea of memory subversion to hide the rootkit in memory with almost no performance impact.

"This is a prototype for a fourth generation of rootkits that would defeat the current rootkit detection technology," said Sparks, who is renowned for her work around offensive/defensive malicious code technologies.

Some existing rootkit defense technologies use behavior detection, integrity detection and signature-based detection to find the stealth programs. Others, like Microsoft Corp.'s Strider Ghostbuster, F-Secure Corp.'s BlackLight and Sysinternals Freeware's RootkitRevealer, search for registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

These guys are here showing us that we haven't even scratched the surface where rootkits are concerned.

Internet security practitioners in attendance described the Shadow Walker prototype as "scary."

