CHAPTER 4

KERNEL-MODE ROOTKITS

Kernel-mode rootkits are among the most widely deployed rootkit technologies in the wild, and they are the most visible rootkit threat to computers today. Storm Worm, which compromised hundreds of thousands of machines in 2007, carried a kernel-mode rootkit component (see http://recon.cx/2008/a/pierre-marc_bureau/storm-recon.pdf). That component let the worm do more damage and embed itself at the deepest level of the system: inside the operating system kernel itself.

For that reason, we'll spend a considerable amount of time discussing the internals of the Windows operating system. Running in kernel mode means running at the same privilege level as the operating system kernel, so a kernel-mode rootkit must understand how to use the same functions, structures, and techniques that other ...

Source: Hacking Exposed Malware & Rootkits: Security Secrets and Solutions, Second Edition.