Hooks hijacked? New research shows how to block stealthy malware attacks
November 03, 2009
The spread of malicious software, also known as malware or computer viruses, is a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity every year. One of the most insidious types of malware is a "rootkit," which can effectively hide the presence of other spyware or viruses from the user - allowing third parties to steal information from your computer without your knowledge. But now researchers from North Carolina State University have devised a new way to block rootkits and prevent them from taking over your computer systems.

To give some idea of the scale of the computer malware problem, a recent Internet security threat report showed a 1,000 percent increase in the number of new malware signatures extracted from the in-the-wild malware programs found from 2006 to 2008. Of these malware programs, "rootkits are one of the stealthiest," says Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research. "Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised."
Rootkits typically work by hijacking a number of "hooks," or control data, in a computer's operating system. "By taking control of these hooks, the rootkit can intercept and manipulate the computer system's data at will," Jiang says, "essentially letting the user see only what it wants the user to see." As a result, the rootkit can make itself invisible to the computer user and any antivirus software. Furthermore, the rootkit can install additional malware, such as programs designed to steal personal information, and make them invisible as well.
In order to prevent a rootkit from insinuating itself into an operating system, Jiang and the other researchers determined that all of an operating system's hooks need to be protected. "The challenging part is that an operating system may have tens of thousands of hooks - any of which could potentially be exploited for a rootkit's purposes," Jiang says. "Worse, those hooks might be spread throughout a system. Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert."
Jiang explains that by placing all of the hooks in one place, researchers were able to simply leverage hardware-based memory protection, which is now commonplace, to prevent hooks from being hijacked. Essentially, they were able to put hardware in place to ensure that a rootkit cannot modify any hooks without approval from the user.
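The mechanism Jiang describes, shown as an added user-space illustration that is not the researchers' code: a table of function-pointer hooks is placed in one page-aligned region and locked read-only with mprotect, so a plain store to it (the way a rootkit would patch a hook in place) faults in hardware, while legitimate changes go through a single approved path that briefly unlocks the page. The hook names, the table layout, and the use of mprotect on Linux as a stand-in for the hypervisor or kernel page protection the real system relies on are assumptions of this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Illustrative "hooks": function pointers a kernel would dispatch through.
   In a real system these would be syscall-table entries or driver callbacks. */
typedef int (*hook_fn)(int);
int hook_open(int x) { return x + 1; }          /* assumed legitimate handler */
int hook_read(int x) { return x * 2; }          /* assumed legitimate handler */
int rogue_hook(int x) { (void)x; return -1; }   /* stands in for a rootkit's replacement */

/* The centralized hook table: every hook lives in one dedicated, page-aligned
   region, so a single hardware protection covers all of them at once. */
static hook_fn *hook_table;
static size_t hook_table_bytes;

/* Fault trapping so a blocked write is reported instead of killing the process. */
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_segv(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Allocate the table, populate it, then lock it read-only. Returns 0 on success. */
int hooks_init(void) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    hook_table_bytes = (size_t)page;
    void *mem = mmap(NULL, hook_table_bytes, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    hook_table = (hook_fn *)mem;
    hook_table[0] = hook_open;
    hook_table[1] = hook_read;
    /* From here on the MMU refuses any plain store to this page. */
    return mprotect(hook_table, hook_table_bytes, PROT_READ);
}

/* Dispatch through the table, as the operating system would. */
int hooks_call(int idx, int arg) { return hook_table[idx](arg); }

/* Simulate an unauthorized overwrite: a plain store into the locked table.
   Returns 1 if the hardware blocked it, 0 if the write went through. */
int unauthorized_write_blocked(int idx, hook_fn fn) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        hook_table[idx] = fn;   /* faults: the page is read-only */
    }
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen ? 1 : 0;
}

/* The approved update path: briefly open the page, write, and close it again.
   This is the one place a hook can legitimately change, which is the choke point
   the centralized design creates (approval policy is assumed, not modelled here). */
int hooks_update_approved(int idx, hook_fn fn) {
    if (mprotect(hook_table, hook_table_bytes, PROT_READ | PROT_WRITE) != 0) return -1;
    hook_table[idx] = fn;
    return mprotect(hook_table, hook_table_bytes, PROT_READ);
}

int main(void) {
    if (hooks_init() != 0) { perror("hooks_init"); return 1; }
    printf("hook 0 (open) on 5 = %d\n", hooks_call(0, 5));
    printf("unauthorized overwrite blocked = %d\n", unauthorized_write_blocked(0, rogue_hook));
    printf("hook 0 on 5 after the attempt = %d\n", hooks_call(0, 5));
    printf("approved update rc = %d\n", hooks_update_approved(0, hook_read));
    printf("hook 0 on 5 after approved update = %d\n", hooks_call(0, 5));
    return 0;
}
```

Build with any C compiler on Linux and run it: the faulting store is caught through sigsetjmp, so the program reports the blocked write rather than crashing, and the table still dispatches to the original handler afterwards. The point to take from it is that once all hooks share one protected region, the only way the table changes is through the explicit unlock-write-relock path, which is where an approval check or an integrity log naturally sits.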
North Carolina State University